Login Sign Up

CVE-2024-40771

7.8 HIGH

📋 TL;DR

This is a memory handling vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. Attackers could gain full system control on affected devices. All users running vulnerable versions of macOS, iOS, iPadOS, watchOS, tvOS, and visionOS are affected.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • watchOS
  • tvOS
  • visionOS
Versions: Versions prior to macOS Sonoma 14.5, iOS 16.7.8, iPadOS 16.7.8, iOS 17.5, iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level access, allowing attackers to install persistent malware, steal sensitive data, or create backdoors.

🟠

Likely Case

Targeted attacks against high-value individuals or organizations to gain persistent access to devices and networks.

🟢

If Mitigated

Limited impact with proper patch management and security controls in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious app, but could be delivered through various distribution methods.
🏢 Internal Only: MEDIUM - Insider threats or compromised internal apps could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install and run a malicious application. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.5, iOS 16.7.8, iPadOS 16.7.8, iOS 17.5, iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2

Vendor Advisory: https://support.apple.com/en-us/120898

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Download and install the latest available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources like the App Store

🧯 If You Can't Patch

  • Implement strict application allowlisting policies
  • Monitor for suspicious process behavior and kernel-level activity

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list

Check Version:

macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Suspicious process spawning with elevated privileges
  • Unusual system calls

Network Indicators:

  • Unexpected outbound connections from system processes
  • Command and control traffic from kernel-level processes

SIEM Query:

Process creation where parent process is kernel_task or similar system process with unusual command line arguments

📊 Metadata

CVE ID: CVE-2024-40771
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-863
EPSS Score: 0.06% exploit probability (19.4th percentile)
Published: January 15, 2025
Last Updated: March 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40771, you might also want to check these:

CVE-2023-4617 10.0

This vulnerability allows remote attackers to bypass authorization controls in the Govee Home mobile...

Same vulnerability type (CWE-863)
CVE-2025-54253 10.0

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that a...

Same vulnerability type (CWE-863)
CVE-2021-38503 10.0

This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesh...

Same vulnerability type (CWE-863)