CVE-2024-40818
📋 TL;DR
This vulnerability allows an attacker with physical access to a locked Apple device to use Siri to access sensitive user data. It affects iOS, iPadOS, macOS, and watchOS devices before specific patched versions. The issue was addressed by restricting options offered on locked devices.
💻 Affected Systems
- iPhone
- iPad
- Mac
- Apple Watch
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker with brief physical access could extract sensitive personal data, messages, contacts, or other information from a locked device without authentication.
Likely Case
Limited data exposure from a locked device when an attacker has physical access and can interact with Siri.
If Mitigated
No data access possible from locked device when proper controls are in place.
🎯 Exploit Status
Exploitation requires physical device access and interaction with Siri on locked device. No authentication bypass needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 16.7.9, iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6, iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6
Vendor Advisory: https://support.apple.com/en-us/HT214108
Restart Required: Yes
Instructions:
1. Go to Settings > General > Software Update. 2. Download and install the latest available update. 3. Restart device when prompted.
🔧 Temporary Workarounds
Disable Siri on Lock Screen
allPrevent Siri from being accessible when device is locked
Enable Stronger Passcode
allUse longer alphanumeric passcode to make physical access more difficult
🧯 If You Can't Patch
- Disable Siri on lock screen in device settings
- Implement physical security controls to prevent unauthorized device access
🔍 How to Verify
Check if Vulnerable:
Check device version in Settings > General > About > Software VersionCheck Version:
Settings > General > About > Software VersionVerify Fix Applied:
Verify version matches or exceeds patched versions listed in fix_official section📡 Detection & Monitoring
Log Indicators:
- Multiple failed unlock attempts followed by Siri activation
- Siri usage patterns from locked state
Network Indicators:
- None - this is a local physical access vulnerability
SIEM Query:
Device logs showing Siri activation events from locked state🔗 References
- http://seclists.org/fulldisclosure/2024/Jul/16
- http://seclists.org/fulldisclosure/2024/Jul/17
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/19
- http://seclists.org/fulldisclosure/2024/Jul/21
- https://support.apple.com/en-us/HT214116
- https://support.apple.com/en-us/HT214117
- https://support.apple.com/en-us/HT214119
- https://support.apple.com/en-us/HT214120
- https://support.apple.com/en-us/HT214124
- http://seclists.org/fulldisclosure/2024/Jul/16
- http://seclists.org/fulldisclosure/2024/Jul/17
- http://seclists.org/fulldisclosure/2024/Jul/18
- http://seclists.org/fulldisclosure/2024/Jul/19
- http://seclists.org/fulldisclosure/2024/Jul/21
- https://support.apple.com/en-us/HT214116
- https://support.apple.com/en-us/HT214117
- https://support.apple.com/en-us/HT214119
- https://support.apple.com/en-us/HT214120
- https://support.apple.com/en-us/HT214124
- https://support.apple.com/kb/HT214116
- https://support.apple.com/kb/HT214117
- https://support.apple.com/kb/HT214119
- https://support.apple.com/kb/HT214120
- https://support.apple.com/kb/HT214124
