CVE-2024-40795

Exploited in the Wild

NIST CVSS Scores

CVSS v3.1 Base Score: 3.3 (Low)

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA CVSS Scores

CVSS v3.1 Base Score: 3.3 (Low)

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Operating Systems Impacted

macOS Sonoma (prior to 14.6)
iOS (prior to 17.6)
iPadOS (prior to 17.6)
watchOS (prior to 10.6)
tvOS (prior to 17.6)

Additional Resources

Description

CVE-2024-40795 is a security vulnerability in Apple's Family Sharing component that could allow an application to read sensitive location information. The issue was addressed by Apple through improved data protection in macOS Sonoma 14.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, and tvOS 17.6. The vulnerability was discovered by Csaba Fitzl (@theevilbit) of Kandji.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive location information by an application. The severity of this issue has been assessed as follows:

Stay up to date

Iru's weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.

Description

Impact

CVE-2024-27848

CVE-2024-40783

CVE-2024-40855

Stay up to date