CVE-2024-40836 Information

Description

A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6 macOS Sonoma 14.6 iOS 17.6 and iPadOS 17.6 iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user.

Reference

https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/21 http://seclists.org/fulldisclosure/2024/Jul/17 http://seclists.org/fulldisclosure/2024/Jul/18