CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-44175

High Severity
Apple
SVRS
57/100
CVSSv3
5.5/10
EPSS
0.0014/1

CVE-2024-44175 is a vulnerability in macOS Sequoia 15 and macOS Sonoma 14.7.1 related to improper validation of symlinks, potentially allowing an application to access sensitive user data. The issue has been addressed with improved validation of symlinks in the updated macOS versions. Although the CVSS score is 5.5, the SOCRadar Vulnerability Risk Score (SVRS) is 57, indicating a moderate risk. This means while not critical, the vulnerability should be addressed to prevent unauthorized access to sensitive information. The risk involves potential data breach by malicious applications exploiting the symlink flaw. Users of affected macOS versions should update to the latest patched versions to mitigate this vulnerability and protect user data.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:H
I:N
A:N
PUBLICATION DATE2024-10-28
LAST MODIFIED2024-10-30
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-44175 is a vulnerability in macOS Sequoia 15 and macOS Sonoma 14.7.1, impacting applications' ability to access sensitive user data. This vulnerability is due to improper validation of symlinks (symbolic links), which allows malicious actors to potentially manipulate file paths and access sensitive information. While the CVSS score is 5.5, the SOCRadar Vulnerability Risk Score (SVRS) is 59, indicating a moderate risk level.

Key Insights

  • Potential for Data Theft: The vulnerability allows attackers to potentially gain unauthorized access to sensitive user data by manipulating symlinks within the operating system.
  • Exploitation in the Wild: This vulnerability is currently being actively exploited by hackers, as indicated by the "In The Wild" tag.
  • Lack of Patch for Earlier macOS Versions: This vulnerability has been patched in macOS Sequoia 15 and macOS Sonoma 14.7.1, but older versions of macOS remain vulnerable.

Mitigation Strategies

  • Immediate Patching: Users should promptly update their macOS devices to the latest versions (macOS Sequoia 15 and macOS Sonoma 14.7.1) to address this vulnerability.
  • Application Whitelisting: Implement application whitelisting policies to restrict the execution of unauthorized or untrusted applications, reducing the risk of malicious software exploiting this vulnerability.
  • Symlink Auditing: Regularly audit symlinks within your system to ensure they are properly configured and do not point to unauthorized locations.
  • Security Awareness Training: Train users about the risks of opening suspicious emails, clicking on malicious links, or downloading software from untrusted sources.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Apple Updates Everything, (Mon, Oct 28th)
2024-10-28
Apple Updates Everything, (Mon, Oct 28th) | Today, Apple released updates for all of its operating systems. These updates include new AI features. For iOS 18 users, the only upgrade path is iOS 18.1, which includes the AI features. Same for users of macOS 15 Sequoia. For older operating systems versions (iOS 17, macOS 13, and 14), patches are made available, addressing only the security issues.
Today, Apple released updates for all of its operating systems. These updates include new AI features. For iOS 18 users, the only upgrade path is
sans.edu
rss
forum
news
CVE-2024-44175 | Apple macOS up to 14.6 symlink
vuldb.com2024-10-29
CVE-2024-44175 | Apple macOS up to 14.6 symlink | A vulnerability was found in Apple macOS up to 14.6. It has been classified as critical. This affects an unknown part. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2024-44175. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com
rss
forum
news

Social Media

[1day1line] CVE-2024-44175: macOS diskarbitrationd Symlink Validation A TOCTOU vulnerability in macOS's diskarbitrationd enables sandbox escape and privilege escalation attacks through the exploitation of symbolic links. https://t.co/4C8EEmAkFP
0
0
0
Uncovering Apple Vulnerabilities : The diskarbitrationd and storagekitd Audit Story (Part 1) : https://t.co/DHp7mGm4G5 credits @theevilbit @KandjiMDM #CVE-2024-44175 https://t.co/kkgcGjRSWP
0
2
4

Affected Software

Configuration 1
TypeVendorProduct
OSApplemacos

References

ReferenceLink
[email protected]https://support.apple.com/en-us/121238
[email protected]https://support.apple.com/en-us/121570

CWE Details

CWE IDCWE NameDescription
CWE-922Insecure Storage of Sensitive InformationThe software stores sensitive information without properly limiting read or write access by unauthorized actors.
CWE-59Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence