CVE-2024-40867

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.apple.com/en-us/121563	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2024/Oct/9

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::

History

03 Nov 2025, 22:17

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Oct/9 -

29 Oct 2024, 17:41

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.6
First Time		Apple ipados Apple Apple iphone Os
References	~~() https://support.apple.com/en-us/121563 -~~	() https://support.apple.com/en-us/121563 - Release Notes, Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os::::::::

29 Oct 2024, 14:34

Type	Values Removed	Values Added
Summary		(es) Se solucionó un problema de manejo de esquemas de URL personalizados con una validación de entrada mejorada. Este problema se solucionó en iOS 18.1 y iPadOS 18.1. Un atacante remoto podría evadir el entorno limitado de contenido web.

28 Oct 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-28 21:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-40867

Mitre link : CVE-2024-40867

CVE.ORG link : CVE-2024-40867

JSON object : View

Products Affected

apple

ipados
iphone_os

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-40867", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-10-28T21:15:04.937", "references": [{"url": "https://support.apple.com/en-us/121563", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Oct/9", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de manejo de esquemas de URL personalizados con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Un atacante remoto podr\u00eda evadir el entorno limitado de contenido web."}], "lastModified": "2025-11-03T22:17:11.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3", "versionEndExcluding": "18.1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E", "versionEndExcluding": "18.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}