Multiple Apple Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-40841 CVSS:7.8

Apple macOS Sonoma is vulnerable to a denial of service, caused by an out-of-bounds write issue in the AppleVA component. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-40784 CVSS:7.8

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

CVE-2024-40777 CVSS:3.3

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

Impact

  • Denial of Service
  • Gain Access
  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2024-40841
  • CVE-2024-40784
  • CVE-2024-40777

Affected Vendors

Apple

Affected Products

  • Apple macOS Sonoma - 14.6
  • Apple macOS 13.6.8
  • Apple tvOS 17.6
  • Apple iOS 16.7.9
  • Apple iOS 17.6

Remediation

Refer to the Apple security documents for patch, upgrade, or suggested workaround information.

CVE-2024-40841

CVE-2024-40784

CVE-2024-40777
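
A patch-level check built from the fixed releases this advisory lists for CVE-2024-40784 and CVE-2024-40777. This is an added example, not code from Rewterz or Apple; the host names, inventory rows and function names are constructed for illustration, and OS branches the advisory does not name are reported as not-listed rather than guessed.

```python
# Fixed releases as stated in this advisory, per CVE and per (product, major branch).
# CVE-2024-40841 is left out: the advisory names no fixed release for it.
_COMMON = {("iOS", 17): "17.6", ("iPadOS", 17): "17.6", ("macOS", 14): "14.6",
           ("watchOS", 10): "10.6", ("tvOS", 17): "17.6", ("visionOS", 1): "1.3"}
FIXED = {
    "CVE-2024-40777": dict(_COMMON),
    "CVE-2024-40784": {**_COMMON, ("iOS", 16): "16.7.9", ("iPadOS", 16): "16.7.9",
                       ("macOS", 13): "13.6.8"},
}

def parse_version(text):
    """'17.6' -> (17, 6, 0); padded so 17.6 and 17.6.0 compare equal."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def patch_status(cve, product, version):
    """Return 'patched', 'needs-update' or 'not-listed' for one device."""
    installed = parse_version(version)
    fixed = FIXED[cve].get((product, installed[0]))
    if fixed is None:
        # The advisory says nothing about this branch; do not guess either way.
        return "not-listed"
    return "patched" if installed >= parse_version(fixed) else "needs-update"

def audit(inventory):
    """Return (host, cve, status) for every inventory row and tracked CVE."""
    return [(host, cve, patch_status(cve, product, version))
            for host, product, version in inventory
            for cve in sorted(FIXED)]

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = [
    ("mac-build-01", "macOS", "13.6.7"),
    ("mac-design-02", "macOS", "14.6"),
    ("iphone-sales-03", "iOS", "17.5.1"),
    ("ipad-kiosk-04", "iPadOS", "16.7.9"),
    ("mac-legacy-05", "macOS", "12.7.5"),
]

if __name__ == "__main__":
    for host, cve, status in audit(SAMPLE_INVENTORY):
        if status != "patched":
            print(f"{host}: {cve} -> {status}")
```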