Security features bypass in macOS - CVE-2024-40829
Published: July 30, 2024
Vulnerability identifier: #VU94916
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-40829
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in VoiceOver. An attacker with physical access to the system can view restricted content from the lock screen.
How to mitigate CVE-2024-40829
Install updates from vendor's website.