CVE-2024-40815: Race Condition in Apple iOS and iPadOS

Severity: 7.5 HIGH (NVD)
EPSS: 7.2% (top 8.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 29, latest update Jul 30

Description

A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (9 packages)

CVEListV5 | apple/macos | < 13.6.8 | +1
NVD | apple/macos | 14.0 14.6 | +1
CVEListV5 | apple/tvos | < 17.6
NVD | apple/tvos | < 17.6
NVD | apple/ipados | < 17.6

🔴 Vulnerability Details (2)

GHSA: GHSA-mxhg-mc93-9g8m: A race condition was addressed with additional validation (2024-07-30)
CVEList: CVE-2024-40815: A race condition was addressed with additional validation (2024-07-29)

📋 Vendor Advisories (5)

Apple: CVE-2024-40815: tvOS 17.6 (2024-07-29)
Apple: CVE-2024-40815: watchOS 10.6 (2024-07-29)
Apple: CVE-2024-40815: macOS Ventura 13.6.8 (2024-07-29)
Apple: CVE-2024-40815: macOS Sonoma 14.6 (2024-07-29)
Apple: CVE-2024-40815: iOS 17.6 and iPadOS 17.6 (2024-07-29)