Login Sign Up

CVE-2024-40796

5.3 MEDIUM

📋 TL;DR

This CVE describes a privacy vulnerability in Apple operating systems where private browsing history may leak into system logs. The issue affects users of macOS, iOS, and iPadOS who use private browsing mode. Attackers with access to system logs could potentially view browsing history that should remain private.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
Versions: Versions prior to macOS Sonoma 14.6, iOS 16.7.9, iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where private browsing mode is used. Standard browsing is not affected.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access or malware could extract private browsing history from system logs, compromising user privacy and potentially revealing sensitive information about browsing habits.

🟠

Likely Case

Local users or applications with log access could inadvertently or intentionally view private browsing data that should have been redacted from logs.

🟢

If Mitigated

With proper access controls limiting log access to authorized administrators only, the impact is reduced to trusted personnel potentially viewing private browsing data.

🌐 Internet-Facing: LOW - This is primarily a local information disclosure vulnerability requiring access to system logs.
🏢 Internal Only: MEDIUM - Internal users or malware with log access could exploit this to view private browsing history of other users on shared systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires access to system logs but no special privileges beyond what's needed to read logs.

Exploitation requires access to system logs, which typically requires local access or compromised system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.6, iOS 16.7.9, iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8

Vendor Advisory: https://support.apple.com/en-us/HT214116

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update. 2. Install the available update. 3. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict log access

macOS

Limit access to system logs to authorized administrators only to prevent unauthorized viewing of potentially leaked private browsing data.

sudo chmod 640 /var/log/*.log
sudo chown root:admin /var/log/*.log

Clear system logs regularly

macOS

Regularly clear system logs to remove any potentially leaked private browsing data.

sudo rm /var/log/*.log
sudo log erase --all

🧯 If You Can't Patch

  • Avoid using private browsing mode on affected systems until patched
  • Implement strict access controls on system logs and monitor for unauthorized access

🔍 How to Verify

Check if Vulnerable:

Check system version: On macOS, go to Apple menu > About This Mac. On iOS/iPadOS, go to Settings > General > About.

Check Version:

macOS: sw_vers -productVersion, iOS/iPadOS: Not available via command line, check in Settings

Verify Fix Applied:

Verify system version is equal to or newer than the patched versions listed in the fix information.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to system log files
  • Log entries containing browsing-related data during private browsing sessions

Network Indicators:

  • None - this is a local information disclosure vulnerability

SIEM Query:

source="*/var/log/*.log" AND (event_description="browsing" OR event_description="history") AND user="*"

📊 Metadata

CVE ID: CVE-2024-40796
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-359
Published: July 29, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40796, you might also want to check these:

CVE-2022-0482 9.1

This vulnerability in Easy Appointments allows unauthorized actors to access private personal inform...

Same vulnerability type (CWE-359)
CVE-2023-36052 8.6

CVE-2023-36052 is an information disclosure vulnerability in Azure CLI's REST command that allows au...

Same vulnerability type (CWE-359)
CVE-2024-26192 8.2

This vulnerability in Microsoft Edge (Chromium-based) allows an attacker to potentially access sensi...

Same vulnerability type (CWE-359)