First published: Mon Jul 29 2024(Updated: )
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | <17.6 | 17.6 |
Apple iOS | <17.6 | 17.6 |
Apple iPadOS | <17.6 | 17.6 |
Apple Safari | <17.6 | |
Apple iPadOS | <17.6 | |
Apple iPhone OS | <17.6 | |
Apple macOS | <14.6 | |
Apple macOS | <14.6 | 14.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-40794 has a high severity due to the potential unauthorized access to private browsing tabs without authentication.
To fix CVE-2024-40794, update to macOS Sonoma 14.6, iOS 17.6, iPadOS 17.6, or Safari 17.6.
CVE-2024-40794 affects Apple Safari versions up to 17.6, iOS versions up to 17.6, iPadOS versions up to 17.6, and macOS Sonoma versions up to 14.6.
CVE-2024-40794 is a vulnerability in WebKit that involves improper state management allowing access to private browsing tabs.
No, CVE-2024-40794 allows private browsing tabs to be accessed without authentication due to the vulnerability.