CVE-2024-44156

A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.
References
Link Resource
https://support.apple.com/en-us/121568 Release Notes Vendor Advisory
https://support.apple.com/en-us/121570 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

30 Oct 2024, 19:35

Type Values Removed Values Added
CWE CWE-862

29 Oct 2024, 17:33

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Apple macos
Apple
References () https://support.apple.com/en-us/121568 - () https://support.apple.com/en-us/121568 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121570 - () https://support.apple.com/en-us/121570 - Release Notes, Vendor Advisory

29 Oct 2024, 14:34

Type Values Removed Values Added
Summary
  • (es) Se solucionó una vulnerabilidad de eliminación de ruta al evitar que el código vulnerable se ejecutara con privilegios. Este problema se solucionó en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicación pueda eludir las preferencias de privacidad.

28 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-28 21:15

Updated : 2024-10-30 19:35


NVD link : CVE-2024-44156

Mitre link : CVE-2024-44156

CVE.ORG link : CVE-2024-44156


JSON object : View

Products Affected

apple

  • macos
CWE
NVD-CWE-noinfo CWE-862

Missing Authorization