CVE-2024-44168

MEDIUM

Apple Macos < 13.7 - Uncontrolled Search Path

Title source: rule

Description

A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

References (6)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/121234

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/121238

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/121247

[Mailing List] http://seclists.org/fulldisclosure/2024/Sep/33

[Mailing List] http://seclists.org/fulldisclosure/2024/Sep/40

[Mailing List] http://seclists.org/fulldisclosure/2024/Sep/41

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 6.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-114 CWE-427

Status published

Affected Products (1)

apple/macos < 13.7

Timeline

Published Sep 17, 2024

Tracked Since Feb 18, 2026