Login Sign Up

CVE-2024-40809

7.8 HIGH

📋 TL;DR

This vulnerability allows shortcuts to bypass internet permission requirements on Apple devices, potentially enabling unauthorized network access. It affects multiple Apple operating systems including iOS, iPadOS, macOS, watchOS, and visionOS. Users who haven't updated to the patched versions are vulnerable.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • visionOS
Versions: Versions prior to iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6
Operating Systems: iOS, iPadOS, macOS, watchOS, visionOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default configurations of the listed Apple operating systems before the patched versions.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious shortcuts could exfiltrate sensitive data, perform unauthorized network reconnaissance, or establish command and control channels without user knowledge.

🟠

Likely Case

Shortcuts could access network resources they shouldn't have permission to reach, potentially leaking user data or performing unwanted network operations.

🟢

If Mitigated

With proper patching, the vulnerability is eliminated. With network segmentation and monitoring, unauthorized network traffic could be detected and blocked.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to run a malicious shortcut. No public proof-of-concept has been identified in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/HT214108

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/visionOS. 2. Go to System Settings > General > Software Update on macOS. 3. Download and install the available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Disable Shortcuts from Untrusted Sources

all

Prevent installation of shortcuts from untrusted sources to reduce attack surface.

Settings > Shortcuts > Allow Untrusted Shortcuts (toggle OFF)

Network Segmentation

all

Segment devices into restricted network zones to limit potential damage from unauthorized network access.

🧯 If You Can't Patch

  • Restrict shortcut usage to only trusted sources and disable internet access for shortcuts where possible.
  • Implement network monitoring to detect unusual outbound connections from affected devices.

🔍 How to Verify

Check if Vulnerable:

Check the device's operating system version against the affected versions listed above.

Check Version:

iOS/iPadOS/watchOS/visionOS: Settings > General > About > Version. macOS: Apple menu > About This Mac > macOS version.

Verify Fix Applied:

Verify the device is running one of the patched versions listed in fix_official.patch_version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections initiated by Shortcuts process
  • Shortcuts accessing network resources without explicit user permission

Network Indicators:

  • Unexpected outbound connections from Apple devices running shortcuts
  • Traffic to unusual destinations from Shortcuts-related processes

SIEM Query:

source="apple_device_logs" AND process="shortcuts" AND destination_ip NOT IN [allowed_ips]

📊 Metadata

CVE ID: CVE-2024-40809
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: July 29, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON