multiple Apple platforms: out-of-bounds read (CVE-2024-40779) #shorts #breaking
CVE
This CVE, published on July 29, 2024, details an out-of-bounds read vulnerability affecting multiple Apple platforms, including Safari, iOS, iPadOS, watchOS, macOS, visionOS, and tvOS. Exploiting this issue involves processing maliciously crafted web content which may lead to unexpected process crashes. It has been addressed with improved bounds checking in the latest software updates.
Watch the full video on YouTube: CVE-2024-40779
Remediation and exploitation details
This chain involves the following actors
This following systems are involved
Attack entry point
Remediation actions
Exploitation actions
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://support.apple.com/en-us/HT214121
- https://support.apple.com/en-us/HT214117
- https://support.apple.com/en-us/HT214116
- https://support.apple.com/en-us/HT214124
- https://support.apple.com/en-us/HT214119
- https://support.apple.com/en-us/HT214123
- https://support.apple.com/en-us/HT214122
- http://seclists.org/fulldisclosure/2024/Jul/16
- http://seclists.org/fulldisclosure/2024/Jul/15
- http://seclists.org/fulldisclosure/2024/Jul/23
- http://seclists.org/fulldisclosure/2024/Jul/21
- http://seclists.org/fulldisclosure/2024/Jul/17
- http://seclists.org/fulldisclosure/2024/Jul/22
- http://seclists.org/fulldisclosure/2024/Jul/18
- https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/
CVE database technical details
CVE ID
CVE-2024-40779
Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Provider
apple
CWE / problem types
Processing maliciously crafted web content may lead to an unexpected process crash
Affected Software Versions
Apple:Safari:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '17.6', 'versionType': 'custom'}],Apple:iOS and iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '17.6', 'versionType': 'custom'}],Apple:iOS and iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '16.7', 'versionType': 'custom'}],Apple:watchOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '10.6', 'versionType': 'custom'}],Apple:macOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '14.6', 'versionType': 'custom'}],Apple:visionOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '1.3', 'versionType': 'custom'}],Apple:tvOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '17.6', 'versionType': 'custom'}]
Date Published
2024-07-29T22:16:33.641Z
Last Updated
2025-03-13T16:26:31.483Z