Cyber Resilience

CVE-2024-40771

High

Published: 15 January 2025
Modified: 02 April 2026
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (22.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-40771 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Apple macOS. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). By exploit likelihood it ranks at the 22.3th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-40771 is a memory handling vulnerability affecting the kernel in multiple Apple operating systems, including iOS and iPadOS prior to versions 16.7.8 and 17.5, macOS Monterey prior to 12.7.5, macOS Sonoma prior to 14.5, macOS Ventura prior to 13.6.7, tvOS prior to 17.5, visionOS prior to 1.2, and watchOS prior to 10.5. The issue allows an app to execute arbitrary code with kernel privileges and is associated with CWE-863 (Incorrect Authorization), though detailed CWE mapping is unavailable from NVD.

Exploitation requires local access (AV:L) with low privileges (PR:L), such as a malicious app installed and executed by a user, and features low attack complexity (AC:L) with no user interaction required (UI:N). Successful attacks achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) without scope change (S:U), earning a CVSS v3.1 base score of 7.8. This enables full kernel compromise from a local app context.

Apple's security advisories, detailed at support.apple.com/en-us/120898 through 120902, state that the vulnerability was addressed via improved memory handling in the listed patched versions. Security practitioners should prioritize updating affected devices to these releases for mitigation.
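One way to triage a device inventory against the fixed releases listed above, as an added example that is not part of the original page or of Apple's advisories. The platform keys, status names and sample inventory are constructed, and treating a major release newer than every listed branch as patched is an assumption.

```python
# Fixed releases copied from the advisory text above, keyed by major branch.
FIXED = {
    "ios":      {16: (16, 7, 8), 17: (17, 5)},
    "ipados":   {16: (16, 7, 8), 17: (17, 5)},
    "macos":    {12: (12, 7, 5), 13: (13, 6, 7), 14: (14, 5)},
    "tvos":     {17: (17, 5)},
    "visionos": {1: (1, 2)},
    "watchos":  {10: (10, 5)},
}

def parse_version(text):
    """Turn '16.7.8' into (16, 7, 8); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def pad(version, width=3):
    """Right-pad with zeros so (17, 5) compares equal to (17, 5, 0)."""
    return version + (0,) * (width - len(version))

def status(platform, version):
    """Classify one device as patched, vulnerable, no_fix_listed or unknown_platform."""
    branches = FIXED.get(platform.lower())
    if branches is None:
        return "unknown_platform"
    v = parse_version(version)
    fix = branches.get(v[0])
    if fix is not None:
        # Same major branch: compare against that branch's fixed release.
        return "patched" if pad(v) >= pad(fix) else "vulnerable"
    # Assumption: a major release newer than every listed branch includes the fix.
    # Older branches have no fixed release on this page, so flag them for upgrade.
    return "patched" if v[0] > max(branches) else "no_fix_listed"

def triage(inventory):
    """Map each host name to its status."""
    return {host: status(platform, version) for host, platform, version in inventory}

# Constructed sample inventory: (host, platform, OS version).
INVENTORY = [
    ("mac-build-01", "macOS", "14.4.1"),
    ("mac-legacy-02", "macOS", "11.7.10"),
    ("ipad-kiosk-03", "iPadOS", "16.7.8"),
    ("phone-04", "iOS", "17.5"),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```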

Vulnerability details

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The kernel memory handling flaw directly enables local arbitrary code execution with kernel privileges, which maps to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-28951 · Same product: Apple iPadOS
CVE-2025-24173 · Same product: Apple iPadOS
CVE-2026-20698 · Same product: Apple iPadOS
CVE-2026-20700 · Same product: Apple iPadOS
CVE-2026-20628 · Same product: Apple iPadOS
CVE-2025-43520 · Same product: Apple iPadOS
CVE-2026-28995 · Same product: Apple iPadOS
CVE-2025-43510 · Same product: Apple iPadOS
CVE-2025-24159 · Same product: Apple iPadOS
CVE-2025-24085 · Same product: Apple iPadOS

Affected Assets

apple ipados: ≤ 16.7.8 · 17.0 — 17.5
apple iphone os: ≤ 16.7.8 · 17.0 — 17.5
apple macos: ≤ 13.6.7 · 12.0 — 12.7.5 · 13.0 — 13.6.7
apple tvos: ≤ 17.5
apple visionos: ≤ 1.2

Mitigating Controls (NIST 800-53 r5)

Prevent: Requires timely flaw remediation through patching, directly addressing the kernel memory handling vulnerability fixed in CVE-2024-40771.

Prevent: Implements memory protection methods that counter memory corruption exploits enabling arbitrary kernel code execution from apps as in CVE-2024-40771.

Prevent: Enforces process isolation to prevent user-space applications from accessing or executing in kernel memory space via vulnerabilities like CVE-2024-40771.
