CVE-2024-40779: 
Apple Safari vulnerability analysis and mitigation

CVE-2024-40779 is an out-of-bounds read vulnerability affecting multiple Apple operating systems and products, including iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, and macOS Sonoma 14.6. The vulnerability was discovered by Huang Xilin of Ant Group Light-Year Security Lab and was fixed in July 2024 (Apple Support).

The vulnerability is classified as an out-of-bounds read issue in WebKit, Apple's browser engine. The issue was addressed with improved bounds checking (WebKit Bugzilla: 275431). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When exploited, processing maliciously crafted web content may lead to an unexpected process crash. This could potentially affect the stability of applications using WebKit across multiple Apple platforms (Apple Support, Apple Support).

Apple has released security updates to address this vulnerability across multiple platforms. Users should update to iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, or macOS Sonoma 14.6, depending on their device (Apple Support, Apple Support).