CVE-2024-40825Improper Access Control in Apple Macos

CWE-284Improper Access Control5 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 94.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple Visionos
Timeline
PublishedSep 17

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, visionOS 2. A malicious app with root privileges may be able to modify the contents of system files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5apple/macos< 15
NVDapple/macos< 15.0
CVEListV5apple/visionos< 2
NVDapple/visionos< 2.0

🔴Vulnerability Details

2
GHSA
GHSA-79c6-5cw9-rpwc: The issue was addressed with improved checks2024-09-17
CVEList
CVE-2024-40825: The issue was addressed with improved checks2024-09-16

📋Vendor Advisories

2
Apple
CVE-2024-40825: macOS Sequoia 152024-09-16
Apple
CVE-2024-40825: visionOS22024-09-16
CVE-2024-40825 — Improper Access Control in Apple Macos | cvebase