CVE-2024-40809
Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic issue in Shortcuts on Apple devices allows bypassing Internet permission requirements, potentially enabling unauthorized network access.
Vulnerability
Overview
CVE-2024-40809 is a logic issue in the Shortcuts app on Apple platforms. The flaw allows a shortcut to bypass Internet permission requirements, meaning a malicious shortcut could access the network without the user's explicit consent. The issue was addressed with improved checks in the affected operating systems.
Exploitation
To exploit this vulnerability, an attacker would need to convince a user to run a crafted shortcut. No additional privileges or network position are required beyond the ability to execute a shortcut. The logic flaw circumvents the permission prompt that normally asks the user to grant Internet access, enabling the shortcut to make network requests silently.
Impact
A successful exploit could allow an attacker to exfiltrate sensitive data, communicate with command-and-control servers, or perform other unauthorized network operations. This could lead to privacy breaches or further compromise of the device.
Mitigation
Apple has released patches for iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8, macOS Sonoma 14.6, visionOS 1.3, and watchOS 10.6. Users should update their devices to the latest available versions to mitigate the risk. The fix is included in the security content of macOS Sonoma 14.6 [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* range: <16.7.9
- (no CPE) range: <16.7.9
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* range: <1.3
- (no CPE) range: <1.3
- Range: <14.6
- Range: <13.6.8
- Range: <12.7.6
- Range: <16.7.9
References
- seclists.org/fulldisclosure/2024/Jul/16 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/17 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/18 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/19 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/20 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/21 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/23 (nvd: Mailing List, Third Party Advisory)
- support.apple.com/en-us/HT214116 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214117 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214118 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214119 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214120 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214123 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214124 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/120908 (nvd)
- support.apple.com/en-us/120909 (nvd)
- support.apple.com/en-us/120910 (nvd)
- support.apple.com/en-us/120911 (nvd)
- support.apple.com/en-us/120912 (nvd)
- support.apple.com/en-us/120915 (nvd)
- support.apple.com/en-us/120916 (nvd)
- support.apple.com/kb/HT214116 (nvd)
- support.apple.com/kb/HT214117 (nvd)
- support.apple.com/kb/HT214118 (nvd)
- support.apple.com/kb/HT214119 (nvd)
- support.apple.com/kb/HT214120 (nvd)
- support.apple.com/kb/HT214124 (nvd)