CVE-2024-40797

6.1 MEDIUM

📋 TL;DR

This macOS vulnerability allows malicious websites to spoof user interface elements, potentially tricking users into unintended actions. It affects macOS Ventura, Sonoma, and Sequoia users who visit compromised websites. The issue was addressed through improved state management in Apple's security updates.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Ventura before 13.7, macOS Sonoma before 14.7, macOS Sequoia before 15
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users who visit malicious websites. Requires user interaction with the spoofed interface elements.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could create convincing fake login prompts, system dialogs, or other interface elements that trick users into entering credentials, approving malicious actions, or downloading malware.

🟠 Likely Case

Phishing attacks where users are tricked into entering sensitive information into fake browser or system dialogs that appear legitimate.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated. With browser security features and user awareness, the risk is reduced even before patching.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to visit a malicious website, but no authentication is needed. The technical details suggest relatively straightforward UI manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15

Vendor Advisory: https://support.apple.com/en-us/121234

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install available updates
5. Restart when prompted

🔧 Temporary Workarounds

Browser Security Settings

all

Configure browser to block pop-ups and suspicious websites

User Awareness Training

all

Train users to verify URL authenticity and be skeptical of unexpected dialogs

🧯 If You Can't Patch

  • Use web filtering to block known malicious websites
  • Implement application whitelisting to prevent unauthorized browser extensions or downloads

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About. If version is earlier than Ventura 13.7, Sonoma 14.7, or Sequoia 15, the system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version shows Ventura 13.7, Sonoma 14.7, or Sequoia 15 or later in System Settings > General > About.
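The version check above, as an added example that is not part of this advisory page: a POSIX sh function that takes a ProductVersion string (as printed by sw_vers -productVersion) and reports whether it predates the CVE-2024-40797 fix releases (Ventura 13.7, Sonoma 14.7, Sequoia 15). Versions older than Ventura are treated as vulnerable, following the page's "earlier than" wording; that is an assumption, since Apple's advisory only lists the three fixed branches.

```shell
#!/bin/sh
# Added example, not from the advisory: compare a macOS ProductVersion
# against the CVE-2024-40797 fix releases 13.7 / 14.7 / 15.
# Returns 0 (shell "true") when the version is still vulnerable,
# 1 when it is at or past the fix, 2 when the input is not a version.

is_vulnerable_to_cve_2024_40797() {
    ver="$1"
    major=${ver%%.*}                   # "14.6.1" -> 14
    case "$ver" in
        *.*) minor=${ver#*.}; minor=${minor%%.*} ;;   # "14.6.1" -> 6
        *)   minor=0 ;;                               # "15"     -> 15.0
    esac
    # Reject anything that is not a plain dotted number.
    case "$major$minor" in ''|*[!0-9]*) return 2 ;; esac

    case "$major" in
        13) [ "$minor" -lt 7 ] ;;      # Ventura: fixed in 13.7
        14) [ "$minor" -lt 7 ] ;;      # Sonoma:  fixed in 14.7
        15) return 1 ;;                # Sequoia: 15.0 ships with the fix
        *)
            # Assumption: releases before Ventura are unpatched and are
            # treated as vulnerable; anything newer than Sequoia is past it.
            if [ "$major" -lt 13 ]; then return 0; else return 1; fi ;;
    esac
}

# On a Mac, check the running system; elsewhere this block is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    current=$(sw_vers -productVersion)
    if is_vulnerable_to_cve_2024_40797 "$current"; then
        echo "macOS $current: VULNERABLE to CVE-2024-40797, update to 13.7 / 14.7 / 15"
    else
        echo "macOS $current: fix for CVE-2024-40797 present or not affected"
    fi
fi
```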

📡 Detection & Monitoring

Log Indicators:

  • Unusual browser behavior logs
  • Multiple failed authentication attempts from browser sessions

Network Indicators:

  • Connections to suspicious domains with high interaction rates
  • Unusual outbound traffic patterns after website visits

SIEM Query:

source="browser_logs" AND (event="dialog_interaction" OR event="credential_submission") AND url CONTAINS suspicious_domain
