CVE-2024-40795 is a security vulnerability in Apple's Family Sharing component that could allow an application to read sensitive location information. The issue was addressed by Apple through improved data protection in macOS Sonoma 14.6, iOS 17.6, iPadOS 17.6, watchOS 10.6, and tvOS 17.6. The vulnerability was discovered by Csaba Fitzl (@theevilbit) of Kandji.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive location information by an application. The severity of this issue has been assessed as follows:
Workforce Identity
Endpoint Management
Endpoint Detection & Response
Vulnerability Management
Compliance Automation
Trust Center
