CVE-2024-40835
Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic issue in Apple Shortcuts allows a shortcut to access sensitive data without user prompting, fixed across multiple OS versions.
What is the vulnerability?
CVE-2024-40835 is a logic issue in the Shortcuts app that could allow a shortcut to use sensitive data with certain actions without prompting the user for permission. Apple describes it only as "a logic issue addressed with improved checks" and does not name the affected actions or the categories of sensitive data involved; the observable effect is that an action's use of sensitive data can proceed without the consent dialog the user would normally see. Apple fixed it by improving the checks in the affected logic [1][2].
How is it exploited?
Exploitation requires the user to run a maliciously crafted shortcut, whether downloaded from a link or gallery or received directly from another user. The weakness lies in how certain actions request access to sensitive data: the advisory does not enumerate which data or actions, but a shortcut using them can proceed without the usual prompt, bypassing user consent. No additional authentication or special network position is required beyond persuading the user to execute the shortcut [1][2].
Impact
An attacker who can convince a user to run a malicious shortcut can access sensitive data without the user's knowledge or consent. The impact is a confidentiality breach, potentially exposing private information stored on the device; integrity and availability are not affected. The CVSS v3 base score recorded for this CVE is 5.5 (Medium). Apple's own security release notes do not assign severity scores, so this rating comes from the CVE record rather than from the vendor advisory [1][2].
Mitigation
Apple has released fixes in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8, macOS Sonoma 14.6, and watchOS 10.6 [1][2][4]. Users should update to the latest available versions to remediate the issue. When checking a fleet, compare each device's build against the fixed version for its own major-version line (for example, macOS 13.6.7 is vulnerable even though it is numerically higher than 12.7.6); a device on a line the advisory does not list has no stated fix and should be treated as unknown rather than patched.
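The following is an added example, not code from this page or from Apple: a small inventory check that compares a reported OS version against the fixed version for its own major-version line, using only the fixed versions quoted in the advisory text above. The inventory lines, host names and CSV layout are constructed for the example.

```python
"""Triage Apple OS versions against the CVE-2024-40835 fixed versions.

Added example. The FIXED_VERSIONS table is transcribed from the advisory
text on this page; the inventory format and host names are constructed.
"""
from typing import Optional

# Fixed versions keyed by (platform, major version line). Each line got
# its own back-ported fix, so a build must be compared within its line:
# macOS 13.6.7 is vulnerable even though 13.6.7 > 12.7.6.
FIXED_VERSIONS = {
    ("ios", 16): (16, 7, 9),
    ("ios", 17): (17, 6, 0),
    ("ipados", 16): (16, 7, 9),
    ("ipados", 17): (17, 6, 0),
    ("macos", 12): (12, 7, 6),
    ("macos", 13): (13, 6, 8),
    ("macos", 14): (14, 6, 0),
    ("watchos", 10): (10, 6, 0),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '14.5.1' or '14.6' into a 3-tuple; reject non-numeric input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts) or len(parts) > 3:
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_vulnerable(platform: str, version: str) -> Optional[bool]:
    """True if the build predates the fix for its major-version line,
    False if it is at or above the fix, None if the advisory lists no
    fix for that line (unsupported or unlisted major version)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get((platform.strip().lower(), v[0]))
    if fixed is None:
        return None
    return v < fixed


def triage_inventory(lines: list[str]) -> dict[str, str]:
    """Map host -> 'vulnerable' | 'patched' | 'unknown' from CSV rows of
    the constructed form 'host,platform,version'. Malformed rows count
    as unknown so they surface for manual review rather than vanishing."""
    results: dict[str, str] = {}
    for line in lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            results[fields[0] or line] = "unknown"
            continue
        host, platform, version = fields
        try:
            verdict = is_vulnerable(platform, version)
        except ValueError:
            verdict = None
        results[host] = {True: "vulnerable", False: "patched", None: "unknown"}[verdict]
    return results


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    "mac-01,macOS,13.6.7",     # Ventura below 13.6.8 -> vulnerable
    "mac-02,macOS,14.6",       # Sonoma at fixed version -> patched
    "mac-03,macOS,11.7.10",    # Big Sur: no fix listed -> unknown
    "phone-01,iOS,17.5.1",     # below 17.6 -> vulnerable
    "pad-01,iPadOS,16.7.9",    # at fixed back-port -> patched
    "watch-01,watchOS,10.5",   # below 10.6 -> vulnerable
    "garbage,macOS,14.6-beta", # unparsable -> unknown
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

The table deliberately stores every fixed version as a three-tuple so that "14.6" and "14.6.0" compare equal; a shorter tuple would sort before its zero-padded equivalent and misreport the fixed build as vulnerable.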
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* range: <12.7.6
- (no CPE) range: <12.7.6, <13.6.8, <14.6 (the macOS Monterey, Ventura and Sonoma fixed versions named in the description)
- (no CPE) range: <16.7.9, <17.6 (the iOS and iPadOS fixed versions named in the description)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- seclists.org/fulldisclosure/2024/Jul/16 (NVD: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/17 (NVD: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/18 (NVD: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/19 (NVD: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/20 (NVD: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/21 (NVD: Mailing List, Third Party Advisory)
- support.apple.com/en-us/HT214116 (NVD: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214117 (NVD: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214118 (NVD: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214119 (NVD: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214120 (NVD: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214124 (NVD: Release Notes, Vendor Advisory)
- support.apple.com/en-us/120908 (NVD)
- support.apple.com/en-us/120909 (NVD)
- support.apple.com/en-us/120910 (NVD)
- support.apple.com/en-us/120911 (NVD)
- support.apple.com/en-us/120912 (NVD)
- support.apple.com/en-us/120916 (NVD)
- support.apple.com/kb/HT214116 (NVD)
- support.apple.com/kb/HT214117 (NVD)
- support.apple.com/kb/HT214118 (NVD)
- support.apple.com/kb/HT214119 (NVD)
- support.apple.com/kb/HT214120 (NVD)
- support.apple.com/kb/HT214124 (NVD)
News mentions
No linked articles in our index yet.