What is the severity of CVE-2024-40809?

The severity of CVE-2024-40809 is classified as a high risk due to the potential for a bypass of Internet permission requirements.

Which Apple products are affected by CVE-2024-40809?

CVE-2024-40809 affects Apple products including iOS, iPadOS, watchOS, visionOS, and both macOS Ventura and Monterey.

What types of issues does CVE-2024-40809 address?

CVE-2024-40809 addresses a logic issue that could allow shortcuts to bypass Internet permission requirements.

Is there a workaround for CVE-2024-40809?

There is no known workaround for CVE-2024-40809, and users are advised to update their devices to the latest versions to mitigate the risk.

Vulnerability/
CVE-2024-40809

high

7.8

CWE

20 362 190 119

29/7/2024

13/11/2024

CVE-2024-40809: Input Validation

Q: How do I fix CVE-2024-40809?

To fix CVE-2024-40809, update your device to iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, visionOS 1.3, or macOS Sonoma 14.6.

First published: Mon Jul 29 2024(Updated: )

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

Credit: an anonymous researcher Zhongquan Li @Guluisacat Dawn Security Lab of JingDongMickey Jin @patch1t Mickey Jin @patch1t Kandji KandjiCsaba Fitzl @theevilbit KandjiMateen Alinaghi Claudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosCsaba Fitzl @theevilbit Offensive SecurityYadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Wojciech Regula SecuRing Dawn Security Lab of JingDongKirin @Pwnrin Joshua Jones Adam M. Jiwon Park Marcio Almeida Tanto SecurityBistrit Dahal Srijan Poudel Jiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaArsenii Kostromin (0x3c3e) Huang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeCVE-2024-4558 Matthew Butler Gary Kwong Andreas Jaegersberger Ro Achterberg CertiK SkyFall Team sqrtpwn Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityPatrick Wardle DoubleYouCVE-2024-40805 Rodolphe BRUNETTI @eisw0lf CVE-2024-6387 Ye Zhang @VAR10CK Baidu SecurityJunsung Lee Trend Micro Zero Day InitiativeGandalf4a D4m0n w0wbox CVE-2023-6277 CVE-2023-52356 Yisumi Amir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsJacob Braun Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaMinghao Lin Baidu Security Baidu SecurityMichael DePlante @izobashi Trend Micro Zero Day InitiativeCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 CVE-2024-23296 Matthew Loewen Yann Gascuel Alter Solutions CrowdStrike Counter Adversary OperationsIES Red Team ByteDanceYeto Pr BarPr Hebrew University EP Hanqiu Wang University of FloridaZihao Zhan Texas Tech UniversityHaoqi Shan CertikSiqi Dai University of FloridaMax Panoff University of Florida University of FloridaShuo Wang University of FloridaMinghao Lin Meysam Firouzi @R00tkitSMM product-security@apple.com

Affected Software	Affected Version	How to fix
Apple visionOS	<1.3	1.3
Apple macOS Monterey	<12.7.6	12.7.6
Apple macOS	<14.6	14.6
Apple macOS	<13.6.8	13.6.8
watchOS	<10.6	10.6
Apple iOS	<17.6	17.6
iPadOS	<17.6	17.6
Apple iOS	<16.7.9	16.7.9
iPadOS	<16.7.9	16.7.9
iPadOS	<16.7.9
iPadOS	>=17.0<17.6
Apple iPhone OS	<16.7.9
Apple iPhone OS	>=17.0<17.6
Apple macOS	<12.7.6
Apple macOS	>=13.0<13.6.8
Apple macOS	>=14.0<14.6
Apple visionOS	<1.3
watchOS	<10.6

Never miss a vulnerability like this again

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-27826
CVE-2024-27804
CVE-2024-40799
CVE-2023-6277
CVE-2023-52356
CVE-2024-40806
CVE-2024-40777
CVE-2024-40784
CVE-2024-27863
CVE-2024-27823
CVE-2024-40788
CVE-2024-40809
CVE-2024-40812
CVE-2024-40776
CVE-2024-40782
CVE-2024-40779
CVE-2024-40780
CVE-2024-40785
CVE-2024-40789
CVE-2024-40783
CVE-2024-40775
CVE-2024-40774
CVE-2024-27877
CVE-2024-27873
CVE-2024-2004
CVE-2024-2379
CVE-2024-2398
CVE-2024-2466
CVE-2024-40827
CVE-2024-40828
CVE-2024-40816
CVE-2024-40803
CVE-2024-40796
CVE-2024-6387
CVE-2024-40781
CVE-2024-40802
CVE-2024-40823
CVE-2024-27882
CVE-2024-27883
CVE-2024-40800
CVE-2024-23296
CVE-2024-40817
CVE-2024-27881
CVE-2024-40821
CVE-2024-40798
CVE-2024-40833
CVE-2024-40835
CVE-2024-40807
CVE-2024-40834
CVE-2024-40787
CVE-2024-40793
CVE-2024-23261
CVE-2024-40804
CVE-2023-38709
CVE-2024-24795
CVE-2024-27316
CVE-2024-40814
CVE-2024-27878
CVE-2024-40815
CVE-2024-40795
CVE-2024-40805
CVE-2024-40832
CVE-2024-40778
CVE-2023-27952
CVE-2024-40824
CVE-2024-27871
CVE-2024-27872
CVE-2024-27862
CVE-2024-40836
CVE-2024-40818
CVE-2024-40822
CVE-2024-40811
CVE-2024-4558
CVE-2024-40794
CVE-2024-40786
CVE-2024-40829
CVE-2024-44306
CVE-2024-44307
CVE-2024-44141
CVE-2024-40810
CVE-2024-44205
CVE-2024-44185
CVE-2024-44206
CVE-2024-40865
CVE-2024-40813

Frequently Asked Questions

What is the severity of CVE-2024-40809?
The severity of CVE-2024-40809 is classified as a high risk due to the potential for a bypass of Internet permission requirements.
How do I fix CVE-2024-40809?
To fix CVE-2024-40809, update your device to iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, visionOS 1.3, or macOS Sonoma 14.6.
Which Apple products are affected by CVE-2024-40809?
CVE-2024-40809 affects Apple products including iOS, iPadOS, watchOS, visionOS, and both macOS Ventura and Monterey.
What types of issues does CVE-2024-40809 address?
CVE-2024-40809 addresses a logic issue that could allow shortcuts to bypass Internet permission requirements.
Is there a workaround for CVE-2024-40809?
There is no known workaround for CVE-2024-40809, and users are advised to update their devices to the latest versions to mitigate the risk.

agent/first-publish-date
agent/type
collector/apple-support
source/Apple
alias/CVE-2024-40812
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/severity
agent/trending
agent/source
agent/software-canonical-lookup-request
alias/CVE-2024-2004
alias/CVE-2024-2379
alias/CVE-2024-2398
alias/CVE-2024-2466
alias/CVE-2024-40827
alias/CVE-2024-44141
alias/CVE-2024-40815
alias/CVE-2024-40795
alias/CVE-2023-6277
alias/CVE-2023-52356
alias/CVE-2024-40806
alias/CVE-2024-40777
alias/CVE-2024-40784
alias/CVE-2024-40810
alias/CVE-2024-27863
alias/CVE-2024-40816
alias/CVE-2024-40788
alias/CVE-2024-40803
alias/CVE-2024-40805
alias/CVE-2024-40832
alias/CVE-2024-40796
alias/CVE-2024-6387
alias/CVE-2024-40781
alias/CVE-2024-40802
alias/CVE-2024-40823
alias/CVE-2024-27882
alias/CVE-2024-27883
alias/CVE-2024-40778
alias/CVE-2024-40800
alias/CVE-2023-27952
alias/CVE-2024-40817
alias/CVE-2024-40824
alias/CVE-2024-27871
alias/CVE-2024-27881
alias/CVE-2024-40821
alias/CVE-2024-40798
alias/CVE-2024-27872
alias/CVE-2024-27862
alias/CVE-2024-40833
alias/CVE-2024-40835
alias/CVE-2024-40836
alias/CVE-2024-40807
alias/CVE-2024-40834
alias/CVE-2024-40809
alias/CVE-2024-40787
alias/CVE-2024-40793
alias/CVE-2024-40818
alias/CVE-2024-40822
alias/CVE-2024-44205
alias/CVE-2024-40828
alias/CVE-2024-40811
alias/CVE-2024-40776
alias/CVE-2024-40782
alias/CVE-2024-40779
alias/CVE-2024-40780
alias/CVE-2024-40785
alias/CVE-2024-40789
alias/CVE-2024-4558
alias/CVE-2024-40794
alias/CVE-2024-44185
alias/CVE-2024-44206
alias/CVE-2024-27873
alias/CVE-2023-38709
alias/CVE-2024-24795
alias/CVE-2024-27316
alias/CVE-2024-40783
alias/CVE-2024-40774
alias/CVE-2024-40814
alias/CVE-2024-40775
alias/CVE-2024-27877
alias/CVE-2024-27878
alias/CVE-2024-44306
alias/CVE-2024-44307
alias/CVE-2024-40799
alias/CVE-2024-40786
alias/CVE-2024-23261
alias/CVE-2024-40829
alias/CVE-2024-27823
alias/CVE-2024-40865
alias/CVE-2024-27804
alias/CVE-2024-27826
agent/event
alias/CVE-2024-23296
alias/CVE-2024-40813
agent/author
agent/description
agent/weakness
agent/last-modified-date
agent/references
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/apple
canonical/apple visionos
canonical/apple macos monterey
canonical/apple macos
canonical/watchos
canonical/apple ios
canonical/ipados
version/ipados/17.0
canonical/apple iphone os
version/apple iphone os/17.0
version/apple macos/13.0
version/apple macos/14.0

CVE-2024-40809: Input Validation

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-40809?

How do I fix CVE-2024-40809?

Which Apple products are affected by CVE-2024-40809?

What types of issues does CVE-2024-40809 address?

Is there a workaround for CVE-2024-40809?

Company

Resources

Contact