CVE-2024-40788

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Published: Jul 29, 2024

CVSS 5.5 | EPSS 0.05% | Medium

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214119).
Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214120).
Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214117).
Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214116).
Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214118).
Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214122).
Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214123).
Jul 29, 2024 at 9:30 PM - Vendor Advisory: Apple released a security advisory (HT214124).
Jul 29, 2024 at 9:37 PM - First Article: Feedly found the first article mentioning CVE-2024-40788 (Main stream | The Taggart Institute Intel Center).

Affected Systems

Apple/watchos

Patches

Apple

Vendor Advisory

About the security content of iOS 16.7.9 and iPadOS 16.7.9 - Apple Support
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

References

About the security content of iOS 17.6 and iPadOS 17.6 - Apple Support
Impact: Processing a maliciously crafted file may lead to unexpected app termination. Impact: A user may be able to bypass some web content restrictions.
About the security content of macOS Monterey 12.7.6 - Apple Support
Impact: Processing a maliciously crafted file may lead to unexpected app termination. Impact: Processing a maliciously crafted video file may lead to unexpected app termination.
About the security content of macOS Ventura 13.6.8 - Apple Support
Impact: Processing a maliciously crafted file may lead to unexpected app termination. Impact: Processing a maliciously crafted video file may lead to unexpected app termination.

News

macOS 12.x < 12.7.6 Multiple Vulnerabilities (120910)
- libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections.
apple 120910: About the security content of macOS Monterey 12.7.6
Development Last Updated: 10/21/2024 CVEs: CVE-2024-2466 , CVE-2024-27826 , CVE-2024-40809 , CVE-2024-40800 , CVE-2024-40834 , CVE-2024-44205 , CVE-2023-52356 , CVE-2024-6387 , CVE-2024-40821 , CVE-2024-23261 , CVE-2024-2379 , CVE-2024-40806 , CVE-2024-40817 , CVE-2024-40774 , CVE-2024-2004 , CVE-2024-40787 , CVE-2024-27873 , CVE-2024-27883 , CVE-2024-40816 , CVE-2024-27882 , CVE-2024-40788 , CVE-2024-40827 , CVE-2024-40781 , CVE-2024-27881 , CVE-2024-40799 , CVE-2023-6277 , CVE-2024-2398 , CVE-2024-27877 , CVE-2024-40798 , CVE-2024-40807 , CVE-2024-23296 , CVE-2024-40823 , CVE-2024-40802 , CVE-2024-40828 , CVE-2024-40796 , CVE-2024-40833 , CVE-2024-40775 , CVE-2024-40783 , CVE-2024-40812 , CVE-2024-40793 , CVE-2024-40835 , CVE-2024-40803

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
