CVE-2024-40798
Description
A malicious app may read Safari browsing history due to insufficient redaction of sensitive information; fixed in iOS, iPadOS, and macOS updates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Overview
CVE-2024-40798 is a privacy issue in Apple's operating systems that allows a malicious application to read Safari's browsing history. The root cause is insufficient redaction of sensitive information, meaning the system failed to properly obscure or restrict access to browsing history data when an app requested it. This vulnerability affects iOS, iPadOS, and macOS devices prior to the specified updates.
Exploitation
An attacker would need to have a malicious app installed on the target device. No additional authentication or network access is required beyond the app's existing permissions. The app can then access Safari's browsing history, which is normally protected from third-party applications. The attack surface is local, requiring the user to have installed the malicious app.
Impact
Successful exploitation results in the exposure of the user's Safari browsing history, which can include sensitive information such as visited websites, search queries, and potentially login pages. This constitutes a privacy violation, as browsing history is considered private user data.
Mitigation
Apple addressed this issue in the following updates: iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, and macOS Ventura 13.6.8 [1][4]. Users are advised to update their devices to the latest available versions. No workarounds have been published.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 4
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 16
- seclists.org/fulldisclosure/2024/Jul/17 (nvd; Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/18 (nvd; Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/19 (nvd; Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/20 (nvd; Mailing List, Third Party Advisory)
- support.apple.com/en-us/HT214116 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214118 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214119 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214120 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/120908 (nvd)
- support.apple.com/en-us/120910 (nvd)
- support.apple.com/en-us/120911 (nvd)
- support.apple.com/en-us/120912 (nvd)
- support.apple.com/kb/HT214116 (nvd)
- support.apple.com/kb/HT214118 (nvd)
- support.apple.com/kb/HT214119 (nvd)
- support.apple.com/kb/HT214120 (nvd)
News mentions: 0
No linked articles in our index yet.