Permissions Flaw in macOS Sequoia Allows Unauthorized Contacts Access
CVE-2024-40858

7.1 HIGH

Key Information:

Vendor: Apple

Status
Vendor
CVE Published: 2 April 2026

What is CVE-2024-40858?

A flaw in macOS Sequoia allows applications to access user Contacts without explicit consent, raising significant privacy concerns. This issue has been resolved in version 15.1, where additional restrictions have been implemented to safeguard user data. Users are encouraged to update to the latest version to ensure their information remains secure. For further details, refer to Apple's official support documentation.

Affected Version(s)

macOS 0 < 15.1

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
