Security features bypass in macOS - CVE-2024-40829

 

Security features bypass in macOS - CVE-2024-40829

Published: July 30, 2024


Vulnerability identifier: #VU94916
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-40829
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
macOS

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in VoiceOver. An attacker with physical access to the system can view restricted content from the lock screen.


How to mitigate CVE-2024-40829

Install updates from vendor's website.

Sources