CVE-2024-40836
Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CWE
- CWE-200 — Exposure of Sensitive Information to an Unauthorized Actor
Affected
- Apple / iOS and iPadOS — versions before 16.7.9 [affected]; versions before 17.6 [affected]
- Apple / macOS — versions before 14.6 [affected]
- Apple / watchOS — versions before 10.6 [affected]
CVSS
- (none)
References
- https://support.apple.com/en-us/120908
- https://support.apple.com/en-us/120909
- https://support.apple.com/en-us/120911
- https://support.apple.com/en-us/120916
Source
cvelistV5-main/cves/2024/40xxx/CVE-2024-40836.json