What is the severity of CVE-2024-40863?

CVE-2024-40863 is considered a moderate severity vulnerability.

How do I fix CVE-2024-40863?

To fix CVE-2024-40863, update your Apple iOS or iPadOS device to version 18 or later.

What devices are affected by CVE-2024-40863?

CVE-2024-40863 affects Apple iPhone OS and iPadOS versions prior to 18.0.

What types of issues does CVE-2024-40863 address?

CVE-2024-40863 addresses accessibility issues and improves data protection, state management, and checks within ARKit.

Is a workaround available for CVE-2024-40863?

There is no specific workaround recommended for CVE-2024-40863; updating to the latest version is the best approach.

Vulnerability/
CVE-2024-40863

medium

5.5

CWE

362 20 190

16/9/2024

24/1/2025

CVE-2024-40863: Race Condition

First published: Mon Sep 16 2024(Updated: )

Accessibility. This issue was addressed by restricting options offered on a locked device.

Credit: product-security@apple.com Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaChloe Surett Jake Derouin Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaHolger Fuhrmannek Tuan D. Hoang Snoolie Keffaber @0xilis an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Chloe Surett Jake Derouin Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaHolger Fuhrmannek Tuan D. Hoang Snoolie Keffaber @0xilis an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Jake Derouin Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaHolger Fuhrmannek Tuan D. Hoang Snoolie Keffaber @0xilis an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Snoolie Keffaber @0xilis an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Holger Fuhrmannek Tuan D. Hoang Snoolie Keffaber @0xilis an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Tuan D. Hoang Snoolie Keffaber @0xilis an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaHolger Fuhrmannek Tuan D. Hoang Snoolie Keffaber @0xilis an anonymous researcher Daniele Antonioli @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Denis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Antonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Rodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Olivier Levon CVE-2023-5841 Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef ajajfxhj Bistrit Dahal an anonymous researcher Joshua Keller an anonymous researcher Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Kenneth Chew Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers Anamika Adhikari Csaba Fitzl @theevilbit Kandji냥냥 Wojciech Regula SecuRingOm Kothawade Zaprico DigitalOmar A. Alanis the UNTHSC College of PharmacyChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Bistrit Dahal K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Rodolphe BRUNETTI @eisw0lf Bohdan Stasiuk @Bohdan_Stasiuk Justin Cohen Ron Masas Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Domien Schepers

Affected Software	Affected Version	How to fix
Apple iPadOS	<18.0
Apple iPhone OS	<18.0
Apple iOS	<18	18
Apple iPadOS	<18	18

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/121250 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

APPLE-121250

Frequently Asked Questions

What is the severity of CVE-2024-40863?
CVE-2024-40863 is considered a moderate severity vulnerability.
How do I fix CVE-2024-40863?
To fix CVE-2024-40863, update your Apple iOS or iPadOS device to version 18 or later.
What devices are affected by CVE-2024-40863?
CVE-2024-40863 affects Apple iPhone OS and iPadOS versions prior to 18.0.
What types of issues does CVE-2024-40863 address?
CVE-2024-40863 addresses accessibility issues and improves data protection, state management, and checks within ARKit.
Is a workaround available for CVE-2024-40863?
There is no specific workaround recommended for CVE-2024-40863; updating to the latest version is the best approach.

agent/references
agent/author
agent/type
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/apple-support
source/Apple
alias/CVE-2024-40830
alias/CVE-2024-44171
alias/CVE-2024-40852
alias/CVE-2024-44126
alias/CVE-2024-27874
alias/CVE-2024-27876
alias/CVE-2024-27869
alias/CVE-2024-44124
alias/CVE-2024-44131
alias/CVE-2024-40850
alias/CVE-2024-27880
alias/CVE-2024-44176
alias/CVE-2024-44169
alias/CVE-2024-44165
alias/CVE-2024-44191
alias/CVE-2024-44198
alias/CVE-2024-40791
alias/CVE-2024-44183
alias/CVE-2023-5841
alias/CVE-2024-44147
alias/CVE-2024-44167
alias/CVE-2024-44217
alias/CVE-2024-40826
alias/CVE-2024-44155
alias/CVE-2024-44202
alias/CVE-2024-44127
alias/CVE-2024-40863
alias/CVE-2024-44144
alias/CVE-2024-44123
alias/CVE-2024-44145
alias/CVE-2024-40853
alias/CVE-2024-44139
alias/CVE-2024-44180
alias/CVE-2024-44170
alias/CVE-2024-44184
alias/CVE-2024-27879
alias/CVE-2024-40857
alias/CVE-2024-44187
alias/CVE-2024-40856
vendor/apple
canonical/apple ipados
canonical/apple iphone os

CVE-2024-40863: Race Condition

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-40863?

How do I fix CVE-2024-40863?

What devices are affected by CVE-2024-40863?

What types of issues does CVE-2024-40863 address?

Is a workaround available for CVE-2024-40863?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-40863?

How do I fix CVE-2024-40863?

What devices are affected by CVE-2024-40863?

What types of issues does CVE-2024-40863 address?

Is a workaround available for CVE-2024-40863?