Login Sign Up

CVE-2024-40856

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability allows attackers to force Apple devices to disconnect from secure Wi-Fi networks by exploiting an integrity issue in Beacon Protection. It affects iOS, iPadOS, tvOS, and macOS devices running versions before the specified updates. The attack can disrupt network connectivity and potentially facilitate man-in-the-middle attacks.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • Apple TV
  • Mac
Versions: Versions before iOS 18, iPadOS 18, tvOS 18, macOS Sequoia 15
Operating Systems: iOS, iPadOS, tvOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using Wi-Fi with Beacon Protection enabled (typically default).

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could persistently disconnect devices from secure networks, enabling man-in-the-middle attacks, credential theft, or forcing devices onto malicious networks.

🟠

Likely Case

Temporary network disruption and denial of service, potentially forcing users onto less secure networks.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; devices would reconnect automatically after attack stops.

🌐 Internet-Facing: MEDIUM - Attackers need proximity to target network but can exploit remotely if they can reach the wireless network.
🏢 Internal Only: LOW - Requires attacker to be on the same wireless network or have wireless access to the target network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation details published in Full Disclosure mailing list; requires wireless proximity or network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 18, iPadOS 18, tvOS 18, macOS Sequoia 15

Vendor Advisory: https://support.apple.com/en-us/121238

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update. 2. Download and install the latest update. 3. Restart device when prompted.

🔧 Temporary Workarounds

Disable Wi-Fi Auto-Join

all

Prevent automatic reconnection to potentially compromised networks

Settings > Wi-Fi > [Network Name] > Auto-Join: Off

Use Wired Ethernet

all

Connect via Ethernet instead of Wi-Fi where possible

🧯 If You Can't Patch

  • Implement network segmentation to isolate critical devices
  • Deploy wireless intrusion detection systems to monitor for deauthentication attacks

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Software Version

Check Version:

Settings > General > About > Software Version (iOS/iPadOS/tvOS) or About This Mac > macOS Version (macOS)

Verify Fix Applied:

Confirm version is iOS 18+, iPadOS 18+, tvOS 18+, or macOS Sequoia 15+

📡 Detection & Monitoring

Log Indicators:

  • Multiple deauthentication frames
  • Unexpected Wi-Fi disconnections
  • Beacon frame anomalies

Network Indicators:

  • Spike in 802.11 deauthentication packets
  • Abnormal beacon frame patterns

SIEM Query:

source="wireless*" AND (deauthentication OR beacon) AND count>10

📊 Metadata

CVE ID: CVE-2024-40856
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: September 17, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON