What is the severity of CVE-2024-40818?

CVE-2024-40818 is a moderate severity vulnerability related to Siri on locked devices.

How do I fix CVE-2024-40818?

To fix CVE-2024-40818, update your device to iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6, iPadOS 17.6, watchOS 10.6, or macOS Sonoma 14.6.

Which devices are affected by CVE-2024-40818?

CVE-2024-40818 affects devices running iOS, iPadOS, watchOS, and macOS versions listed prior to their respective updates.

What type of issue does CVE-2024-40818 address?

CVE-2024-40818 addresses an issue with overriding restrictions on options available on a locked device.

Is CVE-2024-40818 specific to Apple products?

Yes, CVE-2024-40818 specifically affects several Apple products including iPhones, iPads, Macs, and Apple Watches.

Vulnerability/
CVE-2024-40818

medium

4.6

CWE

20 362 190 119

29/7/2024

13/11/2024

CVE-2024-40818: Input Validation

First published: Mon Jul 29 2024(Updated: )

Accounts. The issue was addressed with improved checks.

Credit: Bistrit Dahal Srijan Poudel Zhongquan Li @Guluisacat Dawn Security Lab of JingDongMickey Jin @patch1t Mickey Jin @patch1t Kandji KandjiCsaba Fitzl @theevilbit KandjiMateen Alinaghi Claudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosCsaba Fitzl @theevilbit Offensive SecurityYadhu Krishna M Cyber Security At Suma Soft PvtNarendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtPune (India) Wojciech Regula SecuRing Dawn Security Lab of JingDongKirin @Pwnrin Joshua Jones Adam M. Jiwon Park an anonymous researcher Marcio Almeida Tanto SecurityJiahui Hu (梅零落) NorthSeaMeng Zhang (鲸落) NorthSeaArsenii Kostromin (0x3c3e) Huang Xilin Ant Group LightMaksymilian Motyl Johan Carlsson (joaxcar) Seunghyun Lee @0x10n KAIST Hacking Lab working with Trend Micro Zero Day InitiativeCVE-2024-4558 Matthew Butler Gary Kwong Andreas Jaegersberger Ro Achterberg CertiK SkyFall Team sqrtpwn Minghao Lin Zhejiang UniversityJiaxun Zhu Zhejiang UniversityPatrick Wardle DoubleYouCVE-2024-40805 Rodolphe BRUNETTI @eisw0lf CVE-2024-6387 Ye Zhang @VAR10CK Baidu SecurityJunsung Lee Trend Micro Zero Day InitiativeGandalf4a D4m0n w0wbox CVE-2023-6277 CVE-2023-52356 Yisumi Amir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsJacob Braun Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaCVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 Yann Gascuel Alter Solutions CrowdStrike Counter Adversary OperationsIES Red Team ByteDanceYeto Michael DePlante @izobashi Trend Micro Zero Day InitiativeMinghao Lin Baidu Security Baidu SecurityMatthew Loewen product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iOS	<17.6	17.6
Apple iPadOS	<17.6	17.6
Apple iOS	<16.7.9	16.7.9
Apple iPadOS	<16.7.9	16.7.9
Apple macOS	<14.6	14.6
Apple macOS	<13.6.8	13.6.8
watchOS	<10.6	10.6
Apple iPadOS	<16.7.9
Apple iPadOS	>=17.0<17.6
Apple iPhone OS	<16.7.9
Apple iPhone OS	>=17.0<17.6
Apple macOS	<13.6.8
Apple macOS	>=14.0<14.6
watchOS	<10.6

Never miss a vulnerability like this again

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-40774
CVE-2024-40799
CVE-2024-27873
CVE-2024-40815
CVE-2024-40795
CVE-2023-6277
CVE-2023-52356
CVE-2024-40806
CVE-2024-40777
CVE-2024-40784
CVE-2024-27863
CVE-2024-40788
CVE-2024-40805
CVE-2024-40813
CVE-2024-40778
CVE-2024-40824
CVE-2024-27871
CVE-2024-40835
CVE-2024-40836
CVE-2024-40809
CVE-2024-40812
CVE-2024-40787
CVE-2024-40793
CVE-2024-40786
CVE-2024-40818
CVE-2024-40822
CVE-2024-40829
CVE-2024-40776
CVE-2024-40782
CVE-2024-40779
CVE-2024-40780
CVE-2024-40785
CVE-2024-40789
CVE-2024-4558
CVE-2024-40794
CVE-2024-40796
CVE-2024-40798
CVE-2024-40833
CVE-2024-40804
CVE-2023-38709
CVE-2024-24795
CVE-2024-27316
CVE-2024-40783
CVE-2024-40814
CVE-2024-40775
CVE-2024-27877
CVE-2024-27878
CVE-2024-2004
CVE-2024-2379
CVE-2024-2398
CVE-2024-2466
CVE-2024-40827
CVE-2024-40816
CVE-2024-40803
CVE-2024-40832
CVE-2024-6387
CVE-2024-40781
CVE-2024-40802
CVE-2024-40823
CVE-2024-27882
CVE-2024-27883
CVE-2024-40800
CVE-2023-27952
CVE-2024-40817
CVE-2024-27881
CVE-2024-40821
CVE-2024-27872
CVE-2024-27862
CVE-2024-40807
CVE-2024-40834
CVE-2024-40828
CVE-2024-40811
CVE-2024-27826
CVE-2024-23261
CVE-2024-44306
CVE-2024-44307
CVE-2024-44141
CVE-2024-40810
CVE-2024-44205
CVE-2024-44185
CVE-2024-44206

Frequently Asked Questions

What is the severity of CVE-2024-40818?
CVE-2024-40818 is a moderate severity vulnerability related to Siri on locked devices.
How do I fix CVE-2024-40818?
To fix CVE-2024-40818, update your device to iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6, iPadOS 17.6, watchOS 10.6, or macOS Sonoma 14.6.
Which devices are affected by CVE-2024-40818?
CVE-2024-40818 affects devices running iOS, iPadOS, watchOS, and macOS versions listed prior to their respective updates.
What type of issue does CVE-2024-40818 address?
CVE-2024-40818 addresses an issue with overriding restrictions on options available on a locked device.
Is CVE-2024-40818 specific to Apple products?
Yes, CVE-2024-40818 specifically affects several Apple products including iPhones, iPads, Macs, and Apple Watches.

agent/first-publish-date
agent/type
collector/apple-support
source/Apple
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/severity
agent/trending
agent/source
agent/software-canonical-lookup-request
agent/tags
alias/CVE-2024-27882
alias/CVE-2024-27883
alias/CVE-2024-40778
alias/CVE-2024-40800
alias/CVE-2023-27952
alias/CVE-2024-40817
alias/CVE-2024-40824
alias/CVE-2024-27871
alias/CVE-2024-27881
alias/CVE-2024-40821
alias/CVE-2024-40798
alias/CVE-2024-27872
alias/CVE-2024-27862
alias/CVE-2024-40833
alias/CVE-2024-40835
alias/CVE-2024-40836
alias/CVE-2024-40807
alias/CVE-2024-40834
alias/CVE-2024-40809
alias/CVE-2024-40812
alias/CVE-2024-40787
alias/CVE-2024-40793
alias/CVE-2024-40818
alias/CVE-2024-40822
alias/CVE-2024-44205
alias/CVE-2024-40828
alias/CVE-2024-40811
alias/CVE-2024-40776
alias/CVE-2024-40782
alias/CVE-2024-40779
alias/CVE-2024-40780
alias/CVE-2024-40785
alias/CVE-2024-40789
alias/CVE-2024-4558
alias/CVE-2024-40794
alias/CVE-2024-44185
alias/CVE-2024-44206
alias/CVE-2024-40816
alias/CVE-2024-40788
alias/CVE-2024-40803
alias/CVE-2024-40805
alias/CVE-2024-40832
alias/CVE-2024-40796
alias/CVE-2024-6387
alias/CVE-2024-40781
alias/CVE-2024-40802
alias/CVE-2024-40823
alias/CVE-2024-27863
alias/CVE-2024-40810
alias/CVE-2024-40799
alias/CVE-2024-40815
alias/CVE-2024-40795
alias/CVE-2023-6277
alias/CVE-2023-52356
alias/CVE-2024-40806
alias/CVE-2024-40777
alias/CVE-2024-40784
alias/CVE-2024-40813
alias/CVE-2024-40829
alias/CVE-2024-2004
alias/CVE-2024-2379
alias/CVE-2024-2398
alias/CVE-2024-2466
alias/CVE-2024-40827
alias/CVE-2024-44141
alias/CVE-2024-27873
alias/CVE-2023-38709
alias/CVE-2024-24795
alias/CVE-2024-27316
alias/CVE-2024-40783
alias/CVE-2024-40774
alias/CVE-2024-40814
alias/CVE-2024-40775
alias/CVE-2024-27877
alias/CVE-2024-27878
alias/CVE-2024-44306
alias/CVE-2024-44307
alias/CVE-2024-40786
alias/CVE-2024-23261
alias/CVE-2024-27826
agent/event
collector/nvd-api
source/NVD
agent/references
agent/author
agent/description
agent/weakness
agent/last-modified-date
agent/softwarecombine
vendor/apple
canonical/apple ios
canonical/apple ipados
canonical/apple macos
canonical/watchos
version/apple ipados/17.0
canonical/apple iphone os
version/apple iphone os/17.0
version/apple macos/14.0