CVE-2024-40799: 
macOS vulnerability analysis and mitigation

CVE-2024-40799 is an out-of-bounds read vulnerability discovered in Apple's CoreGraphics component. The vulnerability affects multiple Apple operating systems including iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, and macOS Sonoma 14.6. The issue was disclosed and patched on July 29, 2024 (Apple Support).

The vulnerability is classified as an out-of-bounds read issue in the CoreGraphics component. The vulnerability occurs when processing maliciously crafted files, which can lead to unexpected application termination. The issue was addressed by Apple through improved input validation. The vulnerability has a CVSS v3.1 Base Score of 7.1 HIGH with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H (NVD).

When exploited, the vulnerability can lead to unexpected application termination when processing maliciously crafted files. This could potentially allow an attacker to cause denial of service conditions in affected applications (Apple Support).

Apple has released security updates to address this vulnerability across multiple operating systems. Users should update to iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, or macOS Sonoma 14.6 depending on their device (Apple Support).