CVE-2024-40809
published 2024-07-29CVE-2024-40809: A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.7.9_and_ipados | — | — |
| apple | ios_17.6_and_ipados | — | — |
| apple | ios_and_ipados | < 16.7.9 | 16.7.9 |
| apple | ios_and_ipados | < 17.6 | 17.6 |
| apple | ipados | < 16.7.9 | 16.7.9 |
| apple | ipados | >= 17.0 < 17.6 | 17.6 |
| apple | iphone_os | < 16.7.9 | 16.7.9 |
| apple | iphone_os | >= 17.0 < 17.6 | 17.6 |
| apple | macos | < 13.6.8 | 13.6.8 |
| apple | macos | < 14.6 | 14.6 |
| apple | macos | < 12.7.6 | 12.7.6 |
| apple | macos | >= 13.0 < 13.6.8 | 13.6.8 |
| apple | macos | >= 14.0 < 14.6 | 14.6 |
| apple | macos_monterey | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| apple | visionos | < 1.3 | 1.3 |
| apple | visionos | — | — |
| apple | watchos | < 10.6 | 10.6 |
| apple | watchos | — | — |
Apple
CVE-2024-40809: macOS Ventura 13.6.8
vendor_apple·2024-07-29·CVSS 7.8
CVE-2024-40809 [HIGH] CVE-2024-40809: macOS Ventura 13.6.8
Apple Security Update: About the security content of macOS Ventura 13.6.8
Product: macOS Ventura
Version: 13.6.8
CVE: CVE-2024-40809
Component: Shortcuts
Impact: A shortcut may be able to bypass Internet permission requirements
Description: A logic issue was addressed with improved checks.
Apple
CVE-2024-40809: macOS Sonoma 14.6
vendor_apple·2024-07-29·CVSS 7.8
CVE-2024-40809 [HIGH] CVE-2024-40809: macOS Sonoma 14.6
Apple Security Update: About the security content of macOS Sonoma 14.6
Product: macOS Sonoma
Version: 14.6
CVE: CVE-2024-40809
Component: Shortcuts
Impact: A shortcut may be able to bypass Internet permission requirements
Description: A logic issue was addressed with improved checks.
Apple
CVE-2024-40809: visionOS 1.3
vendor_apple·2024-07-29·CVSS 7.8
CVE-2024-40809 [HIGH] CVE-2024-40809: visionOS 1.3
Apple Security Update: About the security content of visionOS 1.3
Product: visionOS
Version: 1.3
CVE: CVE-2024-40809
Component: Shortcuts
Impact: A shortcut may be able to bypass Internet permission requirements
Description: A logic issue was addressed with improved checks.
Apple
CVE-2024-40809: watchOS 10.6
vendor_apple·2024-07-29·CVSS 7.8
CVE-2024-40809 [HIGH] CVE-2024-40809: watchOS 10.6
Apple Security Update: About the security content of watchOS 10.6
Product: watchOS
Version: 10.6
CVE: CVE-2024-40809
Component: Shortcuts
Impact: A shortcut may be able to bypass Internet permission requirements
Description: A logic issue was addressed with improved checks.
Apple
CVE-2024-40809: macOS Monterey 12.7.6
vendor_apple·2024-07-29·CVSS 7.8
CVE-2024-40809 [HIGH] CVE-2024-40809: macOS Monterey 12.7.6
Apple Security Update: About the security content of macOS Monterey 12.7.6
Product: macOS Monterey
Version: 12.7.6
CVE: CVE-2024-40809
Component: Shortcuts
Impact: A shortcut may be able to bypass Internet permission requirements
Description: A logic issue was addressed with improved checks.
Apple
CVE-2024-40809: iOS 16.7.9 and iPadOS 16.7.9
vendor_apple·2024-07-29·CVSS 7.8
CVE-2024-40809 [HIGH] CVE-2024-40809: iOS 16.7.9 and iPadOS 16.7.9
Apple Security Update: About the security content of iOS 16.7.9 and iPadOS 16.7.9
Product: iOS 16.7.9 and iPadOS
Version: 16.7.9
CVE: CVE-2024-40809
Component: Shortcuts
Impact: A shortcut may be able to bypass Internet permission requirements
Description: A logic issue was addressed with improved checks.
Apple
CVE-2024-40809: iOS 17.6 and iPadOS 17.6
vendor_apple·2024-07-29·CVSS 7.8
CVE-2024-40809 [HIGH] CVE-2024-40809: iOS 17.6 and iPadOS 17.6
Apple Security Update: About the security content of iOS 17.6 and iPadOS 17.6
Product: iOS 17.6 and iPadOS
Version: 17.6
CVE: CVE-2024-40809
Component: Shortcuts
Impact: A shortcut may be able to bypass Internet permission requirements
Description: A logic issue was addressed with improved checks.
GHSA
GHSA-9pqp-f42q-m2gc: A logic issue was addressed with improved checks
ghsa_unreviewed·2024-07-30
CVE-2024-40809 [HIGH] GHSA-9pqp-f42q-m2gc: A logic issue was addressed with improved checks
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.apple.com/en-us/120908https://support.apple.com/en-us/120909https://support.apple.com/en-us/120910https://support.apple.com/en-us/120911https://support.apple.com/en-us/120912https://support.apple.com/en-us/120915https://support.apple.com/en-us/120916http://seclists.org/fulldisclosure/2024/Jul/16http://seclists.org/fulldisclosure/2024/Jul/17http://seclists.org/fulldisclosure/2024/Jul/18http://seclists.org/fulldisclosure/2024/Jul/19http://seclists.org/fulldisclosure/2024/Jul/20http://seclists.org/fulldisclosure/2024/Jul/21http://seclists.org/fulldisclosure/2024/Jul/23https://support.apple.com/en-us/HT214116https://support.apple.com/en-us/HT214117https://support.apple.com/en-us/HT214118https://support.apple.com/en-us/HT214119https://support.apple.com/en-us/HT214120https://support.apple.com/en-us/HT214123https://support.apple.com/en-us/HT214124https://support.apple.com/kb/HT214116https://support.apple.com/kb/HT214117https://support.apple.com/kb/HT214118https://support.apple.com/kb/HT214119https://support.apple.com/kb/HT214120https://support.apple.com/kb/HT214124
2024-07-29
Published