CVE-2024-40782

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Apple / iOS and iPadOS0 – 16.7.9
Apple / iOS and iPadOS0 – 17.6
Apple / macOS0 – 14.6
Apple / Safari0 – 17.6
Apple / tvOS0 – 17.6
Apple / visionOS0 – 1.3
Apple / watchOS0 – 10.6

References

VENDOR_ADVISORYhttps://support.apple.com/en-us/120908
VENDOR_ADVISORYhttps://support.apple.com/en-us/120909
VENDOR_ADVISORYhttps://support.apple.com/en-us/120911
VENDOR_ADVISORYhttps://support.apple.com/en-us/120913
VENDOR_ADVISORYhttps://support.apple.com/en-us/120914
VENDOR_ADVISORYhttps://support.apple.com/en-us/120915
VENDOR_ADVISORYhttps://support.apple.com/en-us/120916