CVE-2024-40787 | Vulnerability Database | Aqua Security

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	17.6 (excluding)
Iphone_os	Apple	*	17.6 (excluding)
Macos	Apple	*	12.7.6 (excluding)
Macos	Apple	13.0 (including)	13.6.8 (excluding)
Macos	Apple	14.0 (including)	14.6 (excluding)
Watchos	Apple	*	10.6 (excluding)

References

http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/18
http://seclists.org/fulldisclosure/2024/Jul/19
http://seclists.org/fulldisclosure/2024/Jul/20
http://seclists.org/fulldisclosure/2024/Jul/21
https://support.apple.com/en-us/HT214117
https://support.apple.com/en-us/HT214118
https://support.apple.com/en-us/HT214119
https://support.apple.com/en-us/HT214120
https://support.apple.com/en-us/HT214124

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-40787
CWE	https://cwe.mitre.org/data/definitions/.html