A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00149}

epss

{'score': 0.00157}


Tue, 29 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ios
CPEs cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
Vendors & Products Apple ios
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Tue, 29 Oct 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


Mon, 28 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Description A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2024-11-01T03:55:33.722Z

Reserved: 2024-07-10T17:11:04.716Z

Link: CVE-2024-40867

cve-icon Vulnrichment

Updated: 2024-10-29T19:49:09.503Z

cve-icon NVD

Status : Modified

Published: 2024-10-28T21:15:04.937

Modified: 2024-10-29T20:35:26.040

Link: CVE-2024-40867

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.