CVE-2024-40818: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura...
Description
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An attacker with physical access may be able to use Siri to access sensitive user data.
Classification
CVE ID: CVE-2024-40818
Problem Types
An attacker with physical access may be able to use Siri to access sensitive user dataAffected Products
Vendor: Apple, Apple, Apple, Apple, Apple
Product: iOS and iPadOS, iOS and iPadOS, macOS, watchOS, macOS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.2% (probability of being exploited)
EPSS Percentile: 39.03% (scored less or equal to compared to others)
EPSS Date: 2025-04-11 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-40818https://support.apple.com/en-us/HT214117
https://support.apple.com/en-us/HT214116
https://support.apple.com/en-us/HT214120
https://support.apple.com/en-us/HT214124
https://support.apple.com/en-us/HT214119
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/21
http://seclists.org/fulldisclosure/2024/Jul/17
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19