Race Condition Vulnerability in macOS Sequoia by Apple
CVE-2024-40849

7.5HIGH

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 2 April 2026

What is CVE-2024-40849?

A race condition vulnerability exists in macOS Sequoia, allowing an application to potentially escape its sandbox due to insufficient validation. This issue could lead to unauthorized access to system resources or sensitive data. Apple has addressed this vulnerability in macOS Sequoia 15.1, enhancing the validation mechanisms to prevent such exploits. Users are encouraged to update to the latest version to mitigate any associated risks.

Affected Version(s)

macOS 0 < 15.1

References

https://support.apple.com/en-us/121564

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Jul 10, 2024

CVE-2024-40849 Data

JSON