VYPR
Medium severity 5.5 · NVD Advisory · Published Jul 29, 2024 · Updated Apr 2, 2026

CVE-2024-40833

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logic issue in Apple's Shortcuts app allowed a malicious shortcut to access sensitive data without user prompting; fixed in recent OS updates.

Vulnerability

CVE-2024-40833 is a logic issue in Apple's Shortcuts app that, before the fix, allowed a shortcut to use sensitive data with certain actions without prompting the user. Apple addressed the issue in iOS 16.7.9, iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, and macOS Ventura 13.6.8 by improving checks [Description].

Exploitation

A malicious shortcut—likely installed via social engineering or from untrusted sources—could exploit this flaw to access sensitive data that normally requires user consent. The vulnerability bypasses the expected privacy prompt, meaning data could be exfiltrated without the user's knowledge [Description].

Impact

A successful exploit allows a shortcut to access private information, such as contacts or other sensitive data, without user interaction. The impact is rated Medium (CVSS 5.5) because it requires local access and the user to run the shortcut, but the bypass of privacy controls increases its severity [1][2][3].

Mitigation

Apple released fixes for all affected platforms on July 29, 2024. Users should update to the latest OS versions. No workaround is available; full mitigation requires applying the security patches [1][2][3][4].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6

References

16
