OpenCVE

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
https://support.apple.com/en-us/HT214117
https://support.apple.com/en-us/HT214118
https://support.apple.com/en-us/HT214119
https://support.apple.com/en-us/HT214120
https://support.apple.com/en-us/HT214124

History

Wed, 30 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 26 Aug 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple watchos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple watchos
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-07-29T22:16:42.833Z

Updated: 2024-10-30T15:38:50.977Z

Reserved: 2024-07-10T17:11:04.689Z

Link: CVE-2024-40787

Vulnrichment

Updated: 2024-08-02T04:39:54.735Z

NVD

Status : Modified

Published: 2024-07-29T23:15:12.133

Modified: 2024-11-21T09:31:37.787

Link: CVE-2024-40787

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-40787", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-07-10T17:11:04.689Z", "datePublished": "2024-07-29T22:16:42.833Z", "dateUpdated": "2024-10-30T15:38:50.977Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A shortcut may be able to bypass Internet permission requirements"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "12.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements."}], "references": [{"url": "https://support.apple.com/en-us/HT214117"}, {"url": "https://support.apple.com/en-us/HT214120"}, {"url": "https://support.apple.com/en-us/HT214124"}, {"url": "https://support.apple.com/en-us/HT214119"}, {"url": "https://support.apple.com/en-us/HT214118"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:42.833Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-30T18:37:56.118237Z", "id": "CVE-2024-40787", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-30T15:38:50.977Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.735Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214117", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214120", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214124", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214118", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214117", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214120", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214124", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214118", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.735Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40787", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-30T18:37:56.118237Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T18:38:00.934Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214117"}, {"url": "https://support.apple.com/en-us/HT214120"}, {"url": "https://support.apple.com/en-us/HT214124"}, {"url": "https://support.apple.com/en-us/HT214119"}, {"url": "https://support.apple.com/en-us/HT214118"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/19"}], "descriptions": [{"lang": "en", "value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A shortcut may be able to bypass Internet permission requirements"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:42.833Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40787", "state": "PUBLISHED", "dateUpdated": "2024-10-30T15:38:50.977Z", "dateReserved": "2024-07-10T17:11:04.689Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-07-29T22:16:42.833Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062", "versionEndExcluding": "17.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352", "versionEndExcluding": "17.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F", "versionEndExcluding": "12.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A", "versionEndExcluding": "13.6.8", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE", "versionEndExcluding": "14.6", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0", "versionEndExcluding": "10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements."}, {"lang": "es", "value": " Este problema se solucion\u00f3 agregando una solicitud adicional de consentimiento del usuario. Este problema se solucion\u00f3 en macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet."}], "id": "CVE-2024-40787", "lastModified": "2024-11-21T09:31:37.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T23:15:12.133", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/18"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/19"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214117"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214118"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214119"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214120"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214124"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}