Memory Handling Issue in Apple Products
CVE-2024-40771

8.4HIGH

Key Information:

Vendor: Apple
Status: Mac OS; TV OS; Visionos; iOS And iPad OS
Vendor: CVE Published:; 15 January 2025

Summary

A vulnerability has been identified in certain Apple operating systems that could allow an application to execute arbitrary code with kernel privileges. This issue arises due to improper memory handling, potentially leading to unauthorized access and control over the system. Apple has released fixes in the latest updates for macOS, iOS, iPadOS, watchOS, and tvOS to address this critical flaw, emphasizing the importance of keeping devices updated to safeguard against possible exploitation.

Affected Version(s)

iOS and iPadOS < 16.7

iOS and iPadOS < 17.5

macOS < 13.6

References

https://support.apple.com/en-us/120900

https://support.apple.com/en-us/120901

https://support.apple.com/en-us/120906

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jul 10, 2024