Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.
Published: 2024-07-29
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-38674 A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user.
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user. A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References

Tue, 04 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00177}

 epss

{'score': 0.00135}

Thu, 13 Mar 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipad Os
Weaknesses CWE-200
CPEs cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Vendors & Products Apple ipad Os
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Wed, 11 Dec 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple watchos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple watchos
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Apple Ipad Os Ipados Iphone Os Macos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:05.190Z

Reserved: 2024-07-10T17:11:04.705Z

Link: CVE-2024-40836

cve-icon Vulnrichment

Updated: 2025-11-04T17:26:53.838Z

cve-icon NVD

Status : Modified

Published: 2024-07-29T23:15:14.570

Modified: 2026-04-02T19:17:54.613

Link: CVE-2024-40836

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses