CVE-2024-40775 is a vulnerability identified in Apple macOS operating systems that allows an application to potentially leak sensitive user information. The root cause is a downgrade issue related to code-signing restrictions, which could permit an app to bypass certain security checks and access data it should not be able to. This vulnerability affects multiple macOS versions, including Sonoma 14.6, Monterey 12.7.6, and Ventura 13.6.8, where the issue has been addressed through additional code-signing enforcement. The CVSS 3.1 score is 5.5 (medium), with an attack vector classified as local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and impacting confidentiality (C:H) but not integrity or availability. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information). Exploitation requires an attacker to have local access and limited privileges on the system, but no user interaction is necessary, making it a concern for environments where untrusted or malicious apps might be installed or executed. No known exploits have been reported in the wild to date. The vulnerability’s fix involves enhanced code-signing restrictions that prevent downgrade attacks, thereby limiting unauthorized data access by applications.

For European organizations, the primary impact of CVE-2024-40775 is the potential unauthorized disclosure of sensitive user information on affected macOS systems. This could lead to privacy violations, leakage of confidential corporate data, or exposure of personal information, which may have regulatory implications under GDPR. The vulnerability does not affect system integrity or availability, so it is less likely to cause operational disruptions or data tampering. However, the ease of exploitation by a local app with limited privileges means that insider threats or compromised endpoints could leverage this flaw to escalate data exposure risks. Organizations with significant macOS deployments, especially in sectors such as finance, healthcare, and government, may face increased risk. The absence of user interaction requirements increases the stealth and reliability of potential exploitation. While no active exploits are known, the vulnerability should be treated seriously to prevent future abuse.

European organizations should prioritize updating affected macOS systems to versions Sonoma 14.6, Monterey 12.7.6, or Ventura 13.6.8 or later, where the vulnerability is patched. Beyond patching, organizations should enforce strict application control policies, such as using Apple’s System Integrity Protection (SIP) and notarization requirements to restrict the execution of untrusted or unsigned applications. Endpoint detection and response (EDR) solutions should be configured to monitor for suspicious local app behaviors that attempt to access sensitive data. Limiting local user privileges and employing least privilege principles can reduce the risk of exploitation. Regular audits of installed applications and software inventories can help identify potentially malicious or outdated software. Additionally, organizations should educate users about the risks of installing unverified applications and maintain robust endpoint security hygiene. Network segmentation and data access controls can further limit the impact of any data leakage.