CVE-2024-44175
28.10.2024, 21:15
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.
| Vendor | Product | Version |
|---|---|---|
| apple | macos | 𝑥 < 14.7.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
- CWE-922 - Insecure Storage of Sensitive InformationThe software stores sensitive information without properly limiting read or write access by unauthorized actors.