CVE-2024-40862

Published Sep 17, 2024

Last updated 2 months ago

CVSS medium 5.3

Overview

Description: A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-200

Hype score: Not currently trending

🟠 #Apple Xcode (Updated) Privacy Issue (#CVE-2024-40862) Medium https://t.co/6MZmZkrnO4
@dailycve
12 Dec 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6894DFF1-7930-4DF7-88CF-EB6C7E36336F",
            "versionEndExcluding": "16.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References