CVE-2024-40799: Input Validation
First published: Mon Jul 29 2024(Updated: )
Accounts. The issue was addressed with improved checks.
Credit: D4m0n Mickey Jin @patch1t w0wbox Csaba Fitzl @theevilbit KandjiCVE-2023-6277 CVE-2023-52356 Yisumi Junsung Lee Trend Micro Zero Day Initiative CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsGandalf4a CertiK SkyFall Team Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityCVE-2024-40805 Wojciech Regula SecuRingZhongquan Li @Guluisacat Dawn Security Lab of JingDongHuang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeGary Kwong Andreas Jaegersberger Ro Achterberg Jacob Braun an anonymous researcher Kirin @Pwnrin Bistrit Dahal Srijan Poudel Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaMinghao Lin Baidu Security Baidu SecurityYe Zhang @VAR10CK Baidu SecurityMichael DePlante @izobashi Trend Micro Zero Day InitiativeCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 sqrtpwn Patrick Wardle DoubleYouAdam M. CVE-2024-6387 Claudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosCVE-2024-23296 Yadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Joshua Jones Marcio Almeida Tanto SecurityJiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaMatthew Loewen Yann Gascuel Alter SolutionsRodolphe BRUNETTI @eisw0lf Mickey Jin @patch1t Kandji KandjiMateen Alinaghi Csaba Fitzl @theevilbit Offensive Security Dawn Security Lab of JingDongJiwon Park Arsenii Kostromin (0x3c3e) CVE-2024-4558 Matthew Butler IES Red Team ByteDanceYeto Minghao Lin Meysam Firouzi @R00tkitSMM Pr BarPr Hebrew University EP Hanqiu Wang University of FloridaZihao Zhan Texas Tech UniversityHaoqi Shan CertikSiqi Dai University of FloridaMax Panoff University of Florida University of FloridaShuo Wang University of Florida product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Monterey | <12.7.6 | 12.7.6 |
| Apple macOS | <14.6 | 14.6 |
| Apple macOS | <13.6.8 | 13.6.8 |
| tvOS | <17.6 | 17.6 |
| Apple iOS, iPadOS, and watchOS | <16.7.9 | |
| Apple iOS, iPadOS, and watchOS | >=17.0<17.6 | |
| iOS | <16.7.9 | |
| iOS | >=17.0<17.6 | |
| Apple iOS and macOS | <12.7.6 | |
| Apple iOS and macOS | >=13.0<13.6.8 | |
| Apple iOS and macOS | >=14.0<14.6 | |
| tvOS | <17.6 | |
| visionOS | <1.3 | |
| Apple iOS, iPadOS, and watchOS | <10.6 | |
| Apple iOS, iPadOS, and watchOS | <16.7.9 | 16.7.9 |
| Apple iOS, iPadOS, and watchOS | <16.7.9 | 16.7.9 |
| Apple iOS, iPadOS, and watchOS | <17.6 | 17.6 |
| Apple iOS, iPadOS, and watchOS | <17.6 | 17.6 |
| Apple iOS, iPadOS, and watchOS | <10.6 | 10.6 |
| visionOS | <1.3 | 1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT214118 (Advisory)
- https://support.apple.com/en-us/HT214123 (Advisory)
- https://support.apple.com/en-us/HT214116 (Advisory)
- https://support.apple.com/en-us/HT214117 (Advisory)
- https://support.apple.com/en-us/HT214120 (Advisory)
- https://support.apple.com/en-us/HT214124 (Advisory)
- https://support.apple.com/en-us/HT214119 (Advisory)
- https://support.apple.com/en-us/HT214122 (Advisory)
- http://seclists.org/fulldisclosure/2024/Jul/16
- http://seclists.org/fulldisclosure/2024/Jul/23
- http://seclists.org/fulldisclosure/2024/Jul/21
- http://seclists.org/fulldisclosure/2024/Jul/20
- http://seclists.org/fulldisclosure/2024/Jul/17
- http://seclists.org/fulldisclosure/2024/Jul/22
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/19
- https://support.apple.com/en-us/120914 (Advisory)
- https://support.apple.com/en-us/120916 (Advisory)
- https://support.apple.com/en-us/120910 (Advisory)
- https://support.apple.com/en-us/120911 (Advisory)
- https://support.apple.com/en-us/120909 (Advisory)
- https://support.apple.com/en-us/120908 (Advisory)
- https://support.apple.com/en-us/120912 (Advisory)
- https://support.apple.com/en-us/120915 (Advisory)
- https://support.apple.com/kb/HT214118
- https://support.apple.com/kb/HT214119
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-40783
- CVE-2024-27826
- CVE-2024-40775
- CVE-2024-40774
- CVE-2024-27877
- CVE-2024-40799
- CVE-2024-27873
- CVE-2024-2004
- CVE-2024-2379
- CVE-2024-2398
- CVE-2024-2466
- CVE-2024-40827
- CVE-2024-40828
- CVE-2023-6277
- CVE-2023-52356
- CVE-2024-40806
- CVE-2024-40816
- CVE-2024-40788
- CVE-2024-40803
- CVE-2024-40796
- CVE-2024-6387
- CVE-2024-40781
- CVE-2024-40802
- CVE-2024-40823
- CVE-2024-27882
- CVE-2024-27883
- CVE-2024-40800
- CVE-2024-23296
- CVE-2024-40817
- CVE-2024-27881
- CVE-2024-40821
- CVE-2024-40798
- CVE-2024-40833
- CVE-2024-40835
- CVE-2024-40807
- CVE-2024-40834
- CVE-2024-40787
- CVE-2024-40793
- CVE-2024-40809
- CVE-2024-40812
- CVE-2024-23261
- CVE-2024-40804
- CVE-2023-38709
- CVE-2024-24795
- CVE-2024-27316
- CVE-2024-40814
- CVE-2024-27878
- CVE-2024-40815
- CVE-2024-40795
- CVE-2024-40777
- CVE-2024-40784
- CVE-2024-27863
- CVE-2024-40805
- CVE-2024-40832
- CVE-2024-40778
- CVE-2023-27952
- CVE-2024-40824
- CVE-2024-27871
- CVE-2024-27872
- CVE-2024-27862
- CVE-2024-40836
- CVE-2024-40818
- CVE-2024-40822
- CVE-2024-40811
- CVE-2024-40776
- CVE-2024-40782
- CVE-2024-40779
- CVE-2024-40780
- CVE-2024-40785
- CVE-2024-40789
- CVE-2024-4558
- CVE-2024-40794
- CVE-2024-40786
- CVE-2024-40829
- CVE-2024-44306
- CVE-2024-44307
- CVE-2024-44141
- CVE-2024-40810
- CVE-2024-44205
- CVE-2024-44185
- CVE-2024-44206
- CVE-2024-40813
- CVE-2024-27804
- CVE-2024-27823
- CVE-2024-40865
Frequently Asked Questions
What is the severity of CVE-2024-40799?
The severity of CVE-2024-40799 is rated as significant due to the potential for out-of-bounds read issues.
How do I fix CVE-2024-40799?
To fix CVE-2024-40799, update your devices to the latest versions including iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, or other patched versions.
What types of devices are affected by CVE-2024-40799?
CVE-2024-40799 affects multiple Apple devices including iPhones, iPads, Macs, Apple Watches, Apple TVs, and visionOS devices.
What are the patched versions for CVE-2024-40799?
The patched versions for CVE-2024-40799 include iOS 17.6, iPadOS 17.6, macOS Ventura 13.6.8, and other specified recent updates.
Is CVE-2024-40799 a common vulnerability?
CVE-2024-40799 is an out-of-bounds read vulnerability, which is a common type of security issue that can lead to data leaks.
- agent/first-publish-date
- agent/type
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/software-canonical-lookup-request
- alias/CVE-2024-27873
- alias/CVE-2024-2004
- alias/CVE-2024-2379
- alias/CVE-2024-2398
- alias/CVE-2024-2466
- alias/CVE-2024-40827
- alias/CVE-2024-44141
- alias/CVE-2024-40815
- alias/CVE-2024-40795
- alias/CVE-2023-6277
- alias/CVE-2023-52356
- alias/CVE-2024-40806
- alias/CVE-2024-40777
- alias/CVE-2024-40784
- alias/CVE-2024-40810
- alias/CVE-2024-27863
- alias/CVE-2024-40816
- alias/CVE-2024-40788
- alias/CVE-2024-40803
- alias/CVE-2024-40805
- alias/CVE-2024-40832
- alias/CVE-2024-40796
- alias/CVE-2024-6387
- alias/CVE-2024-40781
- alias/CVE-2024-40802
- alias/CVE-2024-40823
- alias/CVE-2024-27882
- alias/CVE-2024-27883
- alias/CVE-2024-40778
- alias/CVE-2024-40800
- alias/CVE-2023-27952
- alias/CVE-2024-40817
- alias/CVE-2024-40824
- alias/CVE-2024-27871
- alias/CVE-2024-27881
- alias/CVE-2024-40821
- alias/CVE-2024-40798
- alias/CVE-2024-27872
- alias/CVE-2024-27862
- alias/CVE-2024-40833
- alias/CVE-2024-40835
- alias/CVE-2024-40836
- alias/CVE-2024-40807
- alias/CVE-2024-40834
- alias/CVE-2024-40809
- alias/CVE-2024-40812
- alias/CVE-2024-40787
- alias/CVE-2024-40793
- alias/CVE-2024-40818
- alias/CVE-2024-40822
- alias/CVE-2024-44205
- alias/CVE-2024-40828
- alias/CVE-2024-40811
- alias/CVE-2024-40776
- alias/CVE-2024-40782
- alias/CVE-2024-40779
- alias/CVE-2024-40780
- alias/CVE-2024-40785
- alias/CVE-2024-40789
- alias/CVE-2024-4558
- alias/CVE-2024-40794
- alias/CVE-2024-44185
- alias/CVE-2024-44206
- alias/CVE-2023-38709
- alias/CVE-2024-24795
- alias/CVE-2024-27316
- alias/CVE-2024-40783
- alias/CVE-2024-40774
- alias/CVE-2024-40814
- alias/CVE-2024-40775
- alias/CVE-2024-27877
- alias/CVE-2024-27878
- alias/CVE-2024-44306
- alias/CVE-2024-44307
- alias/CVE-2024-40799
- alias/CVE-2024-40786
- alias/CVE-2024-23261
- alias/CVE-2024-40829
- alias/CVE-2024-27826
- agent/event
- alias/CVE-2024-23296
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- alias/CVE-2024-40813
- alias/CVE-2024-27804
- alias/CVE-2024-27823
- alias/CVE-2024-40865
- vendor/apple
- canonical/apple macos monterey
- canonical/apple macos
- canonical/tvos
- canonical/apple ios, ipados, and watchos
- version/apple ios, ipados, and watchos/17.0
- canonical/ios
- version/ios/17.0
- canonical/apple ios and macos
- version/apple ios and macos/13.0
- version/apple ios and macos/14.0
- canonical/visionos