CVE-2024-44224 - Vulnerability Details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apple	Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Dec/7
http://seclists.org/fulldisclosure/2024/Dec/8
http://seclists.org/fulldisclosure/2024/Dec/9
https://support.apple.com/en-us/121839
https://support.apple.com/en-us/121840
https://support.apple.com/en-us/121842

History

Mon, 03 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2024/Dec/7 http://seclists.org/fulldisclosure/2024/Dec/8 http://seclists.org/fulldisclosure/2024/Dec/9

Fri, 20 Dec 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 18 Dec 2024 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
Weaknesses		CWE-276
CPEs		cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple macos
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 11 Dec 2024 23:00:00 +0000

Type	Values Removed	Values Added
Description		A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges.
References		https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-12-11T22:57:54.232Z

Updated: 2025-11-03T22:08:45.787Z

Reserved: 2024-08-20T21:45:40.783Z

Link: CVE-2024-44224

Vulnrichment

Updated: 2025-11-03T22:08:45.787Z

NVD

Status : Modified

Published: 2024-12-12T02:15:23.687

Modified: 2025-11-03T22:18:27.057

Link: CVE-2024-44224

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object