Login Sign Up

CVE-2024-40779

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Apple's web content processing that could cause unexpected process crashes. It affects multiple Apple operating systems and Safari browser versions. Attackers could exploit this by tricking users into visiting malicious web pages.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • Safari
  • watchOS
  • tvOS
  • visionOS
  • macOS Sonoma
Versions: Versions prior to iOS 16.7.9, iPadOS 16.7.9, Safari 17.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6
Operating Systems: iOS, iPadOS, watchOS, tvOS, visionOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple devices and browsers are vulnerable until patched.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Safari by Apple

View all CVEs affecting Safari →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service through application crashes, potentially leading to temporary unavailability of affected services or devices.

🟠

Likely Case

Application crashes when processing malicious web content, requiring restart of affected applications.

🟢

If Mitigated

Minimal impact with proper patching and security controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious web content). No public proof-of-concept has been identified in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.7.9, iPadOS 16.7.9, Safari 17.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/HT214108

Restart Required: Yes

Instructions:

1. Open Settings app on Apple device. 2. Navigate to General > Software Update. 3. Download and install the latest available update. 4. Restart device when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript in Safari to prevent processing of malicious web content.

Safari > Settings > Security > Uncheck 'Enable JavaScript'

Use Alternative Browser

all

Use a non-Safari browser until patches are applied.

🧯 If You Can't Patch

  • Implement web content filtering to block known malicious sites
  • Restrict access to untrusted websites and enforce safe browsing policies

🔍 How to Verify

Check if Vulnerable:

Check current OS/browser version against affected versions listed above.

Check Version:

iOS/iPadOS: Settings > General > About > Version; macOS: Apple menu > About This Mac > macOS version; Safari: Safari menu > About Safari

Verify Fix Applied:

Verify installed version matches or exceeds patched versions listed above.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Safari/WebKit process crashes
  • Application crash logs with memory access violations

Network Indicators:

  • Requests to known malicious domains serving web content

SIEM Query:

source="apple_crash_reporter" AND process_name="Safari" OR process_name="WebKit" AND event_type="crash"

📊 Metadata

CVE ID: CVE-2024-40779
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE: CWE-125
Published: July 29, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40779, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)