PT-2024-29091 · Apple · Macos Monterey+4

Marcio Almeida

Published

2024-07-29

Updated

2024-12-07

CVE-2024-40834

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions macOS Sonoma versions 14.0 through 14.5 macOS Monterey versions 12.0 through 12.7.5 macOS Ventura versions 13.0 through 13.6.7

Description The issue allows a shortcut to potentially bypass sensitive Shortcuts app settings. This is addressed by adding an additional prompt for user consent. The vulnerability may enable arbitrary command execution and file leaks across all Apple devices.

Recommendations For macOS Sonoma versions 14.0 through 14.5, update to macOS Sonoma 14.6. For macOS Monterey versions 12.0 through 12.7.5, update to macOS Monterey 12.7.6. For macOS Ventura versions 13.0 through 13.6.7, update to macOS Ventura 13.6.8.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2024-40834

Affected Products

Apple Macos

Shortcuts App

Macos Monterey

Macos Sonoma

Macos Ventura

PT-2024-29091 · Apple · Macos Monterey+4

CVE-2024-40834

Weakness Enumeration

Related Identifiers

Affected Products

References · 20