VYPR
High severity · 7.1 · NVD Advisory · Published Jul 29, 2024 · Updated Apr 2, 2026

CVE-2024-40799

Description

An out-of-bounds read in multiple Apple operating systems could let a maliciously crafted file terminate the app.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2024-40799 is an out-of-bounds read vulnerability in Apple's core processing of files. The root cause is insufficient input validation, which can be triggered when the system handles a maliciously crafted file [1]. This issue affects a wide range of Apple platforms, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS [1][2].

Exploitation

To exploit this vulnerability, an attacker would need to deliver a specially crafted file to a user's device. The file could be delivered through various means, such as email, a website, or direct file transfer. No special permissions beyond normal file access are required for the application that processes the file. The out-of-bounds read occurs during file parsing, leading to unpredictable behavior [1][2].

Impact

The primary impact of successfully exploiting this vulnerability is unexpected app termination. This constitutes a denial-of-service (DoS) condition, potentially disrupting user productivity or causing data loss if the application was in the middle of an operation. There is no indication that this bug leads to arbitrary code execution or data exposure based on the available information [1][2].

Mitigation

Apple has addressed this issue in the following software releases: iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, and watchOS 10.6 [1][2][4]. Users are strongly advised to update to these latest versions to protect against potential exploitation.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    Range: <16.7.9
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <16.7.9
  • Apple Inc./macOS (2 versions)
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
      Range: <12.7.6
    • (no CPE)
      Range: <12.7.6 >=12 <=12.7.6; <13.6.8 >=13 <=13.6.8; <14.6 >=14 <=14.6
  • Apple Inc./tvOS (2 versions)
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
      Range: <17.6
    • (no CPE)
      Range: <17.6
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
    Range: <1.3
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    Range: <10.6
  • Range: <16.7.9 >=16 <=16.7.9; <17.6 >=17 <=17.6

References

31
