CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-40785

High Severity
Apple
SVRS
58/100
CVSSv3
6.1/10
EPSS
0.00597/1

CVE-2024-40785 is a cross-site scripting (XSS) vulnerability affecting Apple products. A maliciously crafted website could exploit this flaw to execute arbitrary scripts in a user's browser. This issue has been addressed in recent updates including iOS 16.7.9, Safari 17.6, and macOS Sonoma 14.6. While the CVSS score is 6.1 indicating a medium severity, the SOCRadar Vulnerability Risk Score (SVRS) of 58 suggests the vulnerability poses a moderate risk. Organizations should prioritize patching systems to mitigate the potential for malicious code execution and data theft. Failing to patch can allow attackers to inject malicious scripts, potentially compromising user accounts and sensitive information. Immediate patching of all affected devices is recommended.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:R
S:C
C:L
I:L
A:N
PUBLICATION DATE2024-07-29
LAST MODIFIED2025-03-25
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-40785 is a cross-site scripting (XSS) vulnerability in Safari, the default web browser on Apple devices. An attacker could exploit this vulnerability by sending a specially crafted web page to a victim, which, if opened in Safari, could allow the attacker to execute arbitrary JavaScript code in the victim's browser. This could allow the attacker to steal sensitive information, such as cookies, session tokens, or passwords.

Key Insights:

  • The SVRS of 34 indicates that this vulnerability is of low severity and does not pose an immediate threat.
  • There are no known active exploits for this vulnerability.
  • CISA has not issued a warning about this vulnerability.
  • This vulnerability is not currently being exploited in the wild.

Mitigation Strategies:

  • Update to the latest version of Safari (17.6 or later).
  • Use a web browser other than Safari.
  • Be cautious when opening links from unknown sources.
  • Use a content blocker to block malicious websites.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-40785 | Apple tvOS Web cross site scripting (Nessus ID 212176)
vuldb.com2025-03-16
CVE-2024-40785 | Apple tvOS Web cross site scripting (Nessus ID 212176) | A vulnerability, which was classified as problematic, has been found in Apple tvOS. This issue affects some unknown processing of the component Web Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-40785. The attack may be initiated remotely. There is no exploit available. It
vuldb.com
rss
forum
news
CVE-2024-40785 | Apple iOS/iPadOS Web cross site scripting (Nessus ID 212176)
vuldb.com2025-03-16
CVE-2024-40785 | Apple iOS/iPadOS Web cross site scripting (Nessus ID 212176) | A vulnerability was found in Apple iOS and iPadOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-40785. The attack can be launched remotely. There is no
vuldb.com
rss
forum
news
CVE-2024-40785 | Apple watchOS Web cross site scripting (Nessus ID 212176)
vuldb.com2025-03-16
CVE-2024-40785 | Apple watchOS Web cross site scripting (Nessus ID 212176) | A vulnerability was found in Apple watchOS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-40785. The attack may be launched remotely. There is no exploit available
vuldb.com
rss
forum
news
CVE-2024-40785 | Apple macOS Web cross site scripting (Nessus ID 212176)
vuldb.com2025-03-16
CVE-2024-40785 | Apple macOS Web cross site scripting (Nessus ID 212176) | A vulnerability classified as problematic has been found in Apple macOS. This affects an unknown part of the component Web Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-40785. It is possible to initiate the attack remotely. There is no exploit available. It is
vuldb.com
rss
forum
news
CVE-2024-40785 | Apple visionOS Web cross site scripting (Nessus ID 212176)
vuldb.com2025-03-16
CVE-2024-40785 | Apple visionOS Web cross site scripting (Nessus ID 212176) | A vulnerability classified as problematic was found in Apple visionOS. This vulnerability affects unknown code of the component Web Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-40785. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected
vuldb.com
rss
forum
news
CVE-2024-40785 | Apple Safari Web cross site scripting (Nessus ID 212176)
vuldb.com2025-03-16
CVE-2024-40785 | Apple Safari Web cross site scripting (Nessus ID 212176) | A vulnerability was found in Apple Safari. It has been classified as problematic. Affected is an unknown function of the component Web Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-40785. It is possible to launch the attack remotely. There is no exploit available. It
vuldb.com
rss
forum
news

Social Media

CVE-2024-40785 This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, vi… https://t.co/cuvjGXbDJu
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSAppleiphone_os
Configuration 2
TypeVendorProduct
OSAppleipados
Configuration 3
TypeVendorProduct
AppApplesafari
Configuration 4
TypeVendorProduct
OSApplewatchos
Configuration 5
TypeVendorProduct
OSAppletvos
Configuration 6
TypeVendorProduct
OSApplevisionos
Configuration 7
TypeVendorProduct
OSApplemacos

References

ReferenceLink
[email protected]https://support.apple.com/en-us/HT214116
[email protected]https://support.apple.com/en-us/HT214117
[email protected]https://support.apple.com/en-us/HT214119
[email protected]https://support.apple.com/en-us/HT214121
[email protected]https://support.apple.com/en-us/HT214122
[email protected]https://support.apple.com/en-us/HT214123
[email protected]https://support.apple.com/en-us/HT214124
[email protected]http://seclists.org/fulldisclosure/2024/Jul/15
[email protected]http://seclists.org/fulldisclosure/2024/Jul/16
[email protected]http://seclists.org/fulldisclosure/2024/Jul/17
[email protected]http://seclists.org/fulldisclosure/2024/Jul/18
[email protected]http://seclists.org/fulldisclosure/2024/Jul/21
[email protected]http://seclists.org/fulldisclosure/2024/Jul/22
[email protected]http://seclists.org/fulldisclosure/2024/Jul/23
[email protected]https://support.apple.com/en-us/HT214116
[email protected]https://support.apple.com/en-us/HT214117
[email protected]https://support.apple.com/en-us/HT214119
[email protected]https://support.apple.com/en-us/HT214121
[email protected]https://support.apple.com/en-us/HT214122
[email protected]https://support.apple.com/en-us/HT214123
[email protected]https://support.apple.com/en-us/HT214124
GITHUBhttp://seclists.org/fulldisclosure/2024/Jul/15
GITHUBhttp://seclists.org/fulldisclosure/2024/Jul/16
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/15
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/16
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/17
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/18
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/21
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/22
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/23
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214116
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214117
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214119
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214121
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214122
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214123
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214124
[email protected]http://seclists.org/fulldisclosure/2024/Jul/15
[email protected]http://seclists.org/fulldisclosure/2024/Jul/16
[email protected]http://seclists.org/fulldisclosure/2024/Jul/17
[email protected]http://seclists.org/fulldisclosure/2024/Jul/18
[email protected]http://seclists.org/fulldisclosure/2024/Jul/21
[email protected]http://seclists.org/fulldisclosure/2024/Jul/22
[email protected]http://seclists.org/fulldisclosure/2024/Jul/23
[email protected]https://support.apple.com/en-us/HT214116
[email protected]https://support.apple.com/en-us/HT214117
[email protected]https://support.apple.com/en-us/HT214119
[email protected]https://support.apple.com/en-us/HT214121
[email protected]https://support.apple.com/en-us/HT214122
[email protected]https://support.apple.com/en-us/HT214123
[email protected]https://support.apple.com/en-us/HT214124

CWE Details

CWE IDCWE NameDescription
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence