Login Sign Up

CVE-2024-40799

7.1 HIGH
Denial of Service

📋 TL;DR

An out-of-bounds read vulnerability in Apple operating systems allows processing malicious files to cause unexpected application termination. This affects iOS, iPadOS, macOS, watchOS, tvOS, and visionOS users. Attackers could potentially exploit this to crash applications or leak memory contents.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • tvOS
  • visionOS
Versions: Versions prior to iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All affected Apple devices with unpatched operating systems are vulnerable when processing files

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure through memory read or denial of service leading to system instability

🟠

Likely Case

Application crashes when processing malicious files, causing temporary disruption

🟢

If Mitigated

Minimal impact with proper file handling controls and updated systems

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to process malicious files

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/HT214108

Restart Required: Yes

Instructions:

1. Open Settings app 2. Go to General > Software Update 3. Download and install available updates 4. Restart device when prompted

🔧 Temporary Workarounds

Restrict file processing

all

Limit file processing to trusted sources only

Application sandboxing

all

Use sandboxed applications to limit impact

🧯 If You Can't Patch

  • Implement strict file upload controls and validation
  • Use application allowlisting to restrict untrusted applications

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list

Check Version:

Settings > General > About on iOS/iPadOS; About This Mac on macOS

Verify Fix Applied:

Verify OS version matches or exceeds patched versions

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs with memory access violations
  • Unexpected process termination events

Network Indicators:

  • Unusual file downloads to Apple devices
  • Suspicious file transfer patterns

SIEM Query:

source="apple_system_logs" AND (event="process_crash" OR event="memory_violation")

📊 Metadata

CVE ID: CVE-2024-40799
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE: CWE-125
Published: July 29, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40799, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)