CVE-2024-40802

7.8 HIGH

📋 TL;DR

This CVE describes a local privilege escalation vulnerability in macOS that allows an attacker who already has local access to elevate their privileges. It affects macOS Monterey, Ventura, and Sonoma. The vulnerability lets attackers bypass security restrictions and gain unauthorized access to the system.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Monterey before 12.7.6, macOS Ventura before 13.6.8, macOS Sonoma before 14.6
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected macOS versions are vulnerable. No special configurations required for exploitation.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full root/system administrator privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement across the network.

🟠 Likely Case

Local users or malware with initial access escalate privileges to install additional payloads, bypass security controls, or access protected system resources.

🟢 If Mitigated

With proper patch management and least privilege principles, impact is limited to isolated systems with no critical data exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing local access, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Malicious insiders, compromised accounts, or malware with initial foothold can exploit this to gain elevated privileges on internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and some technical knowledge. No public exploit code identified in references, but Apple has addressed it in security updates.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8

Vendor Advisory: https://support.apple.com/en-us/HT214118

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update.
2. Install available updates.
3. Restart the system when prompted.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Restrict local user privileges

all

Implement least privilege principles by limiting standard user accounts to minimal necessary permissions.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for suspicious privilege escalation attempts
  • Segment affected systems and limit lateral movement capabilities

🔍 How to Verify

Check if Vulnerable:

Check the macOS version with the 'sw_vers' command and compare it against the patched versions listed above.

Check Version:

sw_vers

Verify Fix Applied:

Verify that the macOS version is 12.7.6 or later on Monterey, 13.6.8 or later on Ventura, or 14.6 or later on Sonoma.
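As an added check (an example script written for this page, not part of the advisory or of Apple's tooling), the following POSIX shell script compares a macOS product version against the three patched versions above and reports whether the host is still exposed. It assumes that 'sw_vers -productVersion' prints the bare version string and that the major version identifies the release family (12 = Monterey, 13 = Ventura, 14 = Sonoma).

```shell
#!/bin/sh
# Added example for CVE-2024-40802 (not from the advisory): classify a macOS
# product version as patched / vulnerable / unknown against the fixed versions
# named in the vendor fix: Monterey 12.7.6, Ventura 13.6.8, Sonoma 14.6.

# version_ge A B: exit 0 if dotted version A >= B. Components are compared
# numerically; missing components count as 0, so "14.6" equals "14.6.0".
# Runs in a subshell so the IFS change does not leak into the caller.
version_ge() (
    IFS=.
    want=$2
    set -- $1 0 0 0; a1=$1; a2=$2; a3=$3
    set -- $want 0 0 0; b1=$1; b2=$2; b3=$3
    [ "$a1" -ne "$b1" ] && { [ "$a1" -gt "$b1" ]; exit; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -gt "$b2" ]; exit; }
    [ "$a3" -ge "$b3" ]
)

# cve_2024_40802_status VERSION: prints "patched" (exit 0), "vulnerable"
# (exit 1) or "unknown" (exit 2) when the major release is not one the
# advisory lists, e.g. an end-of-life release that received no fix.
cve_2024_40802_status() {
    case "$1" in
        12.*) fixed=12.7.6 ;;   # macOS Monterey
        13.*) fixed=13.6.8 ;;   # macOS Ventura
        14.*) fixed=14.6   ;;   # macOS Sonoma
        *)    echo unknown; return 2 ;;
    esac
    if version_ge "$1" "$fixed"; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# Usage: ./check.sh            -> checks the running host (macOS only)
#        ./check.sh 14.5.1     -> checks a version string, e.g. from inventory
# Assumption: sw_vers supports -productVersion on the affected releases.
ver=${1:-$(sw_vers -productVersion 2>/dev/null)}
[ -n "$ver" ] && printf 'macOS %s: %s\n' "$ver" "$(cve_2024_40802_status "$ver")"
```

Feed it the product versions from an MDM or inventory export to triage a fleet without logging in to each machine; the exit code lets it drive a compliance check directly.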

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events in system logs
  • Unauthorized access to protected system directories or processes

Network Indicators:

  • Unusual outbound connections from elevated processes
  • Lateral movement attempts from compromised systems

SIEM Query:

source="macos_system_logs" AND (event_type="privilege_escalation" OR process="sudo" OR user_change="root")
