CVE-2024-40855

Exploited in the Wild

NIST CVSS Scores

CVSS v3.1 Base Score: 5.5 (Medium)

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA CVSS Scores

CVSS v3.1 Base Score: 5.5 (Medium)

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Operating Systems Impacted

macOS Sequoia (prior to 15)
macOS Sonoma (prior to 14.7.1)
macOS Ventura (prior to 13.7.1)

Additional Resources

NVD CVE-2024-40855
macOS Sequoia 15
macOS Sonoma 14.7.1
macOS Ventura 13.7.1

Description

CVE-2024-40855 is a security vulnerability in Apple's DiskArbitration framework that could allow a sandboxed app to access sensitive user data. The issue was addressed by Apple through improved checks in macOS Sequoia 15, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data by a sandboxed application. The severity of this issue has been assessed as follows: