OS X update for Shortcuts (CVE-2024-40833)

OS X update for Shortcuts (CVE-2024-40833)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

07/29/2024

Created

07/31/2024

Added

07/31/2024

Modified

01/28/2025

Description

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

Solution(s)

• apple-osx-upgrade-12_7_6
• apple-osx-upgrade-13_6_8
• apple-osx-upgrade-14_6

References

• https://attackerkb.com/topics/cve-2024-40833
• CVE - 2024-40833
• https://support.apple.com/en-us/120910
• https://support.apple.com/en-us/120911
• https://support.apple.com/en-us/120912