CVE-2024-40815

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Jul/16	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/19	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214117	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214119	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214120	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214122	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214124	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/16	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/19	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT214117	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214119	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214120	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214122	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT214124	Release Notes Vendor Advisory
https://support.apple.com/kb/HT214117
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214120
https://support.apple.com/kb/HT214122
https://support.apple.com/kb/HT214124

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

04 Nov 2025, 18:16

Type	Values Removed	Values Added
References		() https://support.apple.com/kb/HT214117 - () https://support.apple.com/kb/HT214119 - () https://support.apple.com/kb/HT214120 - () https://support.apple.com/kb/HT214122 - () https://support.apple.com/kb/HT214124 -

13 Mar 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-352

21 Nov 2024, 09:31

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/Jul/16 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jul/16 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jul/18 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jul/18 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jul/19 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jul/19 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jul/21 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jul/21 - Mailing List, Third Party Advisory
References	~~() http://seclists.org/fulldisclosure/2024/Jul/22 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Jul/22 - Mailing List, Third Party Advisory
References	~~() https://support.apple.com/en-us/HT214117 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT214117 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214119 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT214119 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214120 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT214120 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214122 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT214122 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/HT214124 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT214124 - Release Notes, Vendor Advisory

15 Aug 2024, 16:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 23:15

Updated : 2025-11-04 18:16

NVD link : CVE-2024-40815

Mitre link : CVE-2024-40815

CVE.ORG link : CVE-2024-40815

JSON object : View

Products Affected

apple

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-352

Cross-Site Request Forgery (CSRF)

7.5 /10