CVE-2024-40775 is a vulnerability identified in Apple macOS that allows an application to leak sensitive user information due to a downgrade issue related to code-signing enforcement. Code-signing is a security mechanism that ensures only trusted and verified applications run with certain privileges. The downgrade flaw allowed an attacker to bypass these restrictions by reverting to less strict code-signing policies, enabling an app to access sensitive data it should not have. This vulnerability affects multiple macOS versions prior to the patched releases: Monterey 12.7.6, Sonoma 14.6, and Ventura 13.6.8. The vulnerability requires the attacker to have local access and low privileges (PR:L), does not require user interaction (UI:N), and impacts confidentiality (C:H) but not integrity or availability. The CVSS v3.1 base score is 5.5, reflecting a medium severity level. The vulnerability is categorized under CWE-200, which relates to information exposure. Apple addressed the issue by implementing additional code-signing restrictions to prevent downgrade attacks that could circumvent security controls. No public exploits or active attacks have been reported so far, but the potential for sensitive data leakage makes timely patching essential.

The primary impact of CVE-2024-40775 is the unauthorized disclosure of sensitive user information on affected macOS systems. This could include personal data, credentials, or other confidential information accessible to the compromised application. Since the vulnerability requires local access and low privileges, attackers would need to have some foothold on the system, such as through a malicious app installation or compromised user account. The lack of requirement for user interaction increases the risk of stealthy data leakage. While the vulnerability does not affect system integrity or availability, the confidentiality breach can lead to privacy violations, identity theft, or further escalation if sensitive credentials are exposed. Organizations relying on macOS devices for sensitive operations, especially in sectors like finance, healthcare, and government, could face increased risk of data breaches. The medium severity rating suggests a moderate but non-trivial threat that should be addressed promptly to maintain security posture.

To mitigate CVE-2024-40775, organizations and users should immediately apply the security updates released by Apple for macOS Monterey 12.7.6, Sonoma 14.6, and Ventura 13.6.8 or later. Beyond patching, organizations should enforce strict application control policies to limit the installation and execution of untrusted or unsigned applications. Employ endpoint protection solutions that monitor for anomalous app behavior and privilege escalation attempts. Regularly audit installed applications and user privileges to reduce the attack surface. Educate users about the risks of installing unverified software and maintain strict controls over local user accounts to prevent unauthorized app installations. Additionally, implement network segmentation and monitoring to detect lateral movement if an attacker gains local access. Since the vulnerability exploits a code-signing downgrade, ensuring that code-signing enforcement policies are not weakened by configuration changes is critical. Finally, maintain an up-to-date inventory of macOS devices and their patch status to ensure timely remediation.