CVE-2024-40858
Unauthorized Contacts Access via Permissions Flaw in macOS Sequoia
Publication date: 2026-04-02
Last updated on: 2026-04-03
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 15.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a permissions issue in macOS Sequoia 15.1 where an application may be able to access the user's Contacts without obtaining the user's consent.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an app to access Contacts without user consent, which can lead to unauthorized access to personal data.
Such unauthorized access to personal information may violate privacy requirements outlined in regulations like GDPR and HIPAA, which mandate user consent and protection of personal data.
Therefore, this issue could negatively impact compliance with these common standards and regulations until it is addressed by applying the fix in macOS Sequoia 15.1.
How can this vulnerability impact me? :
The vulnerability could allow an app to access your Contacts without your permission, potentially exposing your personal or sensitive contact information to unauthorized parties.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your system to macOS Sequoia 15.1 or later, where the permissions issue has been fixed with additional restrictions to prevent unauthorized access to Contacts.