CVE-2024-40850: 
macOS vulnerability analysis and mitigation

CVE-2024-40850 is a file access vulnerability discovered in Apple's Game Center component that affects multiple Apple operating systems including macOS Ventura 13.7, iOS 17.7, iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18, macOS Sonoma 14.7, and tvOS 18. The vulnerability was discovered by Denis Tokarev (@illusionofcha0s) and disclosed on September 16, 2024. The issue allows a malicious app to potentially access user-sensitive data (Apple Security).

The vulnerability is characterized as a file access issue that was addressed with improved input validation. It has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially leading to high confidentiality impact (NVD).

The primary impact of this vulnerability is that a malicious application may be able to access user-sensitive data through improper file access controls. This poses a significant privacy risk as sensitive user information could be exposed to unauthorized applications (Apple Security, Apple Security).

Apple has addressed this vulnerability by implementing improved input validation in the affected systems. Users are advised to update to the following versions: macOS Ventura 13.7, iOS 17.7, iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18, macOS Sonoma 14.7, or tvOS 18 (Apple Security).