Unexpected Termination of macOS Due to Maliciously Crafted Video File

CVE-2024-40841

5.5MEDIUM

Key Information

Vendor
Apple
Status
Mac OS
Vendor
CVE Published:
17 September 2024

Badges

πŸ“° News Worthy

Summary

The vulnerability with CVE number CVE-2024-40841 impacts Apple macOS and allows remote attackers to execute arbitrary code. The vulnerability is related to the processing of MOV files in the VTDecoderXPCService process, resulting from the lack of proper validation of user-supplied data, which can lead to unexpected app termination. Apple has issued an update to address this vulnerability, and user interaction is required to exploit it. No known exploit by ransomware groups has been reported at this time.

News Articles

favicon imageSystemTek

Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability [CVE-2024-40841]

CVE number = CVE-2024-40841 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS, it has a CVSS score of 8.8 User interaction is required to exploit...

3 months ago

References

https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121247

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by SystemTek

  • Vulnerability published

Collectors

NVD Database1 News Article(s)
.