CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-40836

Medium Severity
Apple
SVRS
30/100
CVSSv3
5.5/10
EPSS
0.00125/1

CVE-2024-40836 is a logic issue in Apple's watchOS, macOS, and iOS/iPadOS operating systems, now patched in updated versions. This vulnerability allows a shortcut to potentially access and utilize sensitive data without explicit user permission. With a SOCRadar Vulnerability Risk Score (SVRS) of 30, while not critical, it indicates a potential risk that warrants attention. The fix is available in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6, iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Users of affected Apple devices should update to the latest versions to mitigate this risk of unauthorized data access. Although the CVSS score is moderate, promptly addressing this vulnerability is crucial to protect user privacy and data security. Ignoring this could lead to unforeseen data breaches, highlighting the importance of consistent software updates.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:H
I:N
A:N
PUBLICATION DATE2024-07-29
LAST MODIFIED2025-03-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-40836 | Apple iOS/iPadOS Shortcut access control
vuldb.com2025-03-16
CVE-2024-40836 | Apple iOS/iPadOS Shortcut access control | A vulnerability classified as critical has been found in Apple iOS and iPadOS. This affects an unknown part of the component Shortcut Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-40836. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to
vuldb.com
rss
forum
news
CVE-2024-40836 | Apple watchOS Shortcut access control
vuldb.com2025-03-16
CVE-2024-40836 | Apple watchOS Shortcut access control | A vulnerability classified as critical was found in Apple watchOS. This vulnerability affects unknown code of the component Shortcut Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-40836. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com
rss
forum
news
CVE-2024-40836 | Apple macOS Shortcut access control
vuldb.com2025-03-16
CVE-2024-40836 | Apple macOS Shortcut access control | A vulnerability, which was classified as critical, has been found in Apple macOS. This issue affects some unknown processing of the component Shortcut Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-40836. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade
vuldb.com
rss
forum
news

Social Media

A new vulnerability with increased severity was disclosed for Apple iOS and iPadOS (CVE-2024-40836) https://t.co/jZHzuBnLFt
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSAppleipados
OSAppleiphone_os
OSApplemacos
OSApplewatchos

References

ReferenceLink
[email protected]https://support.apple.com/en-us/HT214116
[email protected]https://support.apple.com/en-us/HT214117
[email protected]https://support.apple.com/en-us/HT214119
[email protected]https://support.apple.com/en-us/HT214124
[email protected]http://seclists.org/fulldisclosure/2024/Jul/16
[email protected]http://seclists.org/fulldisclosure/2024/Jul/17
[email protected]http://seclists.org/fulldisclosure/2024/Jul/18
[email protected]http://seclists.org/fulldisclosure/2024/Jul/21
[email protected]https://support.apple.com/en-us/HT214116
[email protected]https://support.apple.com/en-us/HT214117
[email protected]https://support.apple.com/en-us/HT214119
[email protected]https://support.apple.com/en-us/HT214124
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/16
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/17
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/18
AF854A3A-2127-422B-91AE-364DA2661108http://seclists.org/fulldisclosure/2024/Jul/21
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214116
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214117
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214119
AF854A3A-2127-422B-91AE-364DA2661108https://support.apple.com/en-us/HT214124
[email protected]http://seclists.org/fulldisclosure/2024/Jul/16
[email protected]http://seclists.org/fulldisclosure/2024/Jul/17
[email protected]http://seclists.org/fulldisclosure/2024/Jul/18
[email protected]http://seclists.org/fulldisclosure/2024/Jul/21
[email protected]https://support.apple.com/en-us/HT214116
[email protected]https://support.apple.com/en-us/HT214117
[email protected]https://support.apple.com/en-us/HT214119
[email protected]https://support.apple.com/en-us/HT214124
GITHUBhttp://seclists.org/fulldisclosure/2024/Jul/16
GITHUBhttp://seclists.org/fulldisclosure/2024/Jul/17
GITHUBhttp://seclists.org/fulldisclosure/2024/Jul/18

CWE Details

CWE IDCWE NameDescription
CWE-200Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence