CVE-2024-40795
Summary
| CVE | CVE-2024-40795 |
|---|---|
| State | PUBLISHED |
| Assigner | apple |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-07-29 23:15:12 UTC |
| Updated | 2026-04-02 19:17:45 UTC |
| Description | This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to read sensitive location information. |
Risk And Classification
Primary CVSS: v3.1 3.3 LOW from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.000250000 probability, percentile 0.069400000 (date 2026-04-02)
Problem Types: NVD-CWE-noinfo | An app may be able to read sensitive location information | CWE-noinfo Not enough information
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | ADP | DECLARED | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
LowIntegrity
NoneAvailability
NoneCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.apple.com/kb/HT214124 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/120909 | [email protected] | support.apple.com | |
| seclists.org/fulldisclosure/2024/Jul/16 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| support.apple.com/en-us/HT214117 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| seclists.org/fulldisclosure/2024/Jul/22 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| support.apple.com/en-us/120916 | [email protected] | support.apple.com | |
| support.apple.com/kb/HT214122 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/kb/HT214117 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/120914 | [email protected] | support.apple.com | |
| support.apple.com/en-us/HT214124 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| support.apple.com/en-us/HT214119 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| seclists.org/fulldisclosure/2024/Jul/18 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| support.apple.com/kb/HT214119 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | |
| support.apple.com/en-us/120911 | [email protected] | support.apple.com | |
| seclists.org/fulldisclosure/2024/Jul/21 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| support.apple.com/en-us/HT214122 | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.