CVE-2024-40804

5.5 MEDIUM

📋 TL;DR

This CVE describes an information disclosure vulnerability in macOS where a malicious application could access private information. The vulnerability affects macOS systems before Sonoma 14.6. Apple addressed it with improved checks in macOS Sonoma 14.6.

💻 Affected Systems

Products:
  • macOS
Versions: macOS before Sonoma 14.6
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default macOS configurations before Sonoma 14.6 are vulnerable. The vulnerability requires a malicious application to be installed and executed.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious application could access sensitive user data, credentials, or other private information stored on the system.

🟠 Likely Case

Malicious applications could access limited private information, potentially leading to data exposure or privacy violations.

🟢 If Mitigated

With proper application sandboxing and security controls, the impact would be limited to information accessible within the application's permissions.

🌐 Internet-Facing: LOW (This requires local malicious application execution, not remote exploitation)
🏢 Internal Only: MEDIUM (Malicious applications could be installed internally, but this requires user interaction or a bypass of security controls)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious application to be installed and executed on the target system. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/HT214119

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install macOS Sonoma 14.6 update
5. Restart when prompted

🔧 Temporary Workarounds

Application Restriction

all

Restrict installation of untrusted applications using Gatekeeper and only install applications from trusted sources

sudo spctl --master-enable
sudo spctl --enable

🧯 If You Can't Patch

  • Implement strict application control policies to prevent installation of untrusted applications
  • Use endpoint detection and response (EDR) solutions to monitor for suspicious application behavior

🔍 How to Verify

Check if Vulnerable:

Check macOS version: if running macOS Sonoma earlier than 14.6, the system is vulnerable

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 14.6 or later after applying the update

📡 Detection & Monitoring

Log Indicators:

  • Unusual application behavior accessing private data stores
  • Installation of untrusted applications

Network Indicators:

  • No network indicators as this is a local vulnerability

SIEM Query:

macOS application execution events from untrusted sources or unusual data access patterns
