Unexpected Termination of macOS Due to Maliciously Crafted Video File
CVE-2024-40841

5.5 MEDIUM

Key Information:

Vendor

Apple

Status
Vendor
CVE Published:
17 September 2024

Badges

📰 News Worthy

What is CVE-2024-40841?

CVE-2024-40841 affects Apple macOS and allows remote attackers to execute arbitrary code. The flaw lies in the processing of MOV files in the VTDecoderXPCService process: user-supplied data is not properly validated, which can lead to unexpected app termination. User interaction is required to exploit it. Apple has issued an update to address this vulnerability. No known exploit by ransomware groups has been reported at this time.

Affected Version(s)

macOS < 15

macOS < 14.7

News Articles

Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability [CVE-2024-40841]

CVE number = CVE-2024-40841. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. It has a CVSS score of 8.8. User interaction is required to exploit...

References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 📰 First article discovered by SystemTek

  • Vulnerability published
