CVE-2024-40812: A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6,...

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

Classification

CVE ID: CVE-2024-40812

Problem Types

A shortcut may be able to bypass Internet permission requirements

Affected Products

Vendor: Apple, Apple, Apple, Apple, Apple, Apple, Apple

Product: iOS and iPadOS, iOS and iPadOS, macOS, watchOS, macOS, visionOS, macOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 12.83% (scored less or equal to compared to others)

EPSS Date: 2025-03-31 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

Timeline

2025-03-14 18:40:21 UTC
CVE

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6,...