CVE-2024-40814 – This macOS vulnerability allows malicious appli... (How to Fix)

Q: What is the severity of CVE-2024-40814?

CVE-2024-40814 has a CVSS score of 7.1 (HIGH). This macOS vulnerability allows malicious applications to bypass Privacy preferences by exploiting a downgrade issue in code-signing restrictions. It affects macOS systems before Sonoma 14.6, potentially enabling unauthorized access to protected resources like camera, microphone, or location data.

📋 TL;DR

This macOS vulnerability allows malicious applications to bypass Privacy preferences by exploiting a downgrade issue in code-signing restrictions. It affects macOS systems before Sonoma 14.6, potentially enabling unauthorized access to protected resources like camera, microphone, or location data.

💻 Affected Systems

Products:

macOS

Versions: Versions before macOS Sonoma 14.6

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All macOS systems with Privacy preferences enabled are vulnerable if not updated to 14.6 or later.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious app gains full access to all Privacy-protected resources (camera, microphone, contacts, location) without user consent, enabling surveillance and data exfiltration.

🟠

Likely Case

Malicious app bypasses specific Privacy controls to access sensitive data or hardware features the user intended to restrict.

🟢

If Mitigated

With proper macOS updates and Gatekeeper settings, the vulnerability is eliminated, maintaining normal Privacy preference enforcement.

🌐 Internet-Facing: LOW (macOS vulnerabilities typically require local app execution rather than remote network exploitation)

🏢 Internal Only: MEDIUM (Requires user to install/run malicious app, but could be combined with social engineering or other attacks)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user to run a malicious application. The vulnerability involves code-signing bypass rather than remote code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/HT214119

Restart Required: Yes

Instructions:

1. Open System Settings 2. Click General 3. Click Software Update 4. Install macOS Sonoma 14.6 or later 5. Restart when prompted

🔧 Temporary Workarounds

Restrict App Installation Sources

all

Configure Gatekeeper to only allow apps from the App Store and identified developers

sudo spctl --master-enable
sudo spctl --enable

Review Privacy Settings

all

Manually verify and restrict Privacy permissions for all applications

🧯 If You Can't Patch

Implement application allowlisting to prevent unauthorized app execution
Educate users about risks of installing apps from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check macOS version: If version is earlier than 14.6, system is vulnerable

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 14.6 or later and check that Privacy preferences are functioning normally

📡 Detection & Monitoring

Log Indicators:

Unexpected Privacy permission changes in system logs
Applications accessing protected resources without proper authorization prompts

Network Indicators:

Unusual outbound connections from applications with newly granted permissions

SIEM Query:

source="macos_system_logs" AND (event="privacy_override" OR event="code_signature_bypass")

📊 Metadata

CVE ID: CVE-2024-40814

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE: CWE-285

Published: July 29, 2024

Last Updated: November 4, 2025

🔗 References

http://seclists.org/fulldisclosure/2024/Jul/18 Mailing List
https://support.apple.com/en-us/HT214119 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Jul/18 Mailing List
http://seclists.org/fulldisclosure/2024/Sep/41
https://support.apple.com/en-us/HT214119 Vendor Advisory
https://support.apple.com/kb/HT214119

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40814, you might also want to check these: