VYPR
Medium severity · 5.5 · NVD Advisory · Published Jan 15, 2025 · Updated Apr 2, 2026

CVE-2024-40854

Description

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory initialization issue in Apple operating systems could allow an app to cause unexpected system termination.

Vulnerability Overview

CVE-2024-40854 is a memory initialization issue affecting Apple operating systems, including iOS, iPadOS, and macOS. The vulnerability exists due to improper memory handling, which could allow an application to trigger unexpected system termination. Apple addressed the issue by improving memory handling in software updates released on October 28, 2024 [1][2][3][4].

Exploitation Vector

The attack surface for this vulnerability requires a malicious or compromised app to be installed on the device. No physical access or advanced network position is necessary beyond the ability to run code on the system. The vulnerability is triggered through normal app execution, exploiting the memory initialization flaw to cause a system crash [1].

Impact

Successful exploitation leads to unexpected system termination, effectively causing a denial of service (DoS) condition. This can disrupt device operation, potentially leading to data loss or service unavailability. The CVSS v3 score of 5.5 (Medium) reflects the local attack vector and the requirement for an app to be installed, with impact limited to availability [1].

Mitigation

The vulnerability is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. Users are advised to update their devices to the latest available versions. Apple does not provide a workaround, and the issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Apple Inc./Ipados (2 versions)
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* range: <17.7.1
    • (no CPE) range: = 17.7.1 / 18.1
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <17.7.1
  • Apple Inc./macOS (2 versions)
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* range: <13.7.1
    • (no CPE) range: = 15.1 / 14.7.1 / 13.7.1
  • Apple Inc./iOS (llm-fuzzy)
    Range: = 17.7.1 / 18.1

References

5
