CVE-2024-40785 – This is a cross-site scripting (XSS) vulnerabil... (How to Fix)

Q: What is the severity of CVE-2024-40785?

CVE-2024-40785 has a CVSS score of 6.1 (MEDIUM). This is a cross-site scripting (XSS) vulnerability in Apple's web content processing that allows attackers to inject malicious scripts into web pages viewed by users. It affects multiple Apple operating systems and Safari browser versions. Successful exploitation could lead to session hijacking, credential theft, or other client-side attacks.

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in Apple's web content processing that allows attackers to inject malicious scripts into web pages viewed by users. It affects multiple Apple operating systems and Safari browser versions. Successful exploitation could lead to session hijacking, credential theft, or other client-side attacks.

💻 Affected Systems

Products:

iOS
iPadOS
Safari
watchOS
tvOS
visionOS
macOS Sonoma

Versions: Versions prior to iOS 16.7.9, iPadOS 16.7.9, Safari 17.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6

Operating Systems: iOS, iPadOS, watchOS, tvOS, visionOS, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects web content processing in Safari and WebKit-based components across Apple's ecosystem.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Safari by Apple

View all CVEs affecting Safari →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover, credential theft, session hijacking, and unauthorized actions performed on behalf of authenticated users.

🟠

Likely Case

Session hijacking, credential theft, and unauthorized access to user data through malicious script execution in the browser context.

🟢

If Mitigated

Limited impact due to Content Security Policy (CSP) headers, input validation, and output encoding preventing script execution.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. Technical details not publicly disclosed in provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.7.9, iPadOS 16.7.9, Safari 17.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/HT214108

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Download and install available updates. 4. Restart device when prompted.

🔧 Temporary Workarounds

Enable Content Security Policy

all

Implement strict CSP headers to prevent inline script execution and restrict script sources.

Content-Security-Policy: script-src 'self'

Disable JavaScript for Untrusted Sites

all

Configure browser to block JavaScript execution on untrusted websites.

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to detect and block XSS payloads
Use browser extensions that block malicious scripts and enforce security policies

🔍 How to Verify

Check if Vulnerable:

Check device/browser version against affected versions list. On Apple devices: Settings > General > About > Version.

Check Version:

On macOS: sw_vers -productVersion. On iOS/iPadOS: Settings > General > About > Version.

Verify Fix Applied:

Confirm version number matches or exceeds patched versions listed in fix_official section.

📡 Detection & Monitoring

Log Indicators:

Unusual JavaScript execution patterns
Suspicious script tags in web server logs
Unexpected DOM manipulation events

Network Indicators:

Malicious script payloads in HTTP requests
Suspicious redirects to external domains
Unusual outbound connections from browsers

SIEM Query:

source="web_server" AND ("<script>" OR "javascript:" OR "onload=" OR "onerror=")

📊 Metadata

CVE ID: CVE-2024-40785

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: July 29, 2024

Last Updated: November 4, 2025

🔗 References

http://seclists.org/fulldisclosure/2024/Jul/15 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/16 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/17 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/23 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT214116 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214117 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214119 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214121 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214122 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214123 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214124 Release Notes,Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/15 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/16 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/17 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/18 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/21 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/22 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2024/Jul/23 Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html
https://support.apple.com/en-us/HT214116 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214117 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214119 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214121 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214122 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214123 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT214124 Release Notes,Vendor Advisory
https://support.apple.com/kb/HT214116
https://support.apple.com/kb/HT214117
https://support.apple.com/kb/HT214119
https://support.apple.com/kb/HT214122
https://support.apple.com/kb/HT214124

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40785, you might also want to check these: