CVE-2024-44178
EUVD-2024-4092817.09.2024, 00:15
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of the file system.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apple | macos | 𝑥 < 13.7 |
| apple | macos | 14.0 ≤ 𝑥 < 14.7 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.