Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.
Published: 2026-04-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Filesystem tampering
Action: Immediate Patch
AI Analysis

Impact

A malicious application can alter protected areas of the macOS file system. This allows an attacker to change system files or user data, potentially installing malware or disabling services. The weakness is improper authorization checks, classified as CWE‑284. The breach primarily compromises integrity and can lead to system instability or a full compromise of the operating environment.

Affected Systems

Apple’s macOS operating system. All releases prior to macOS Sequoia 15.1 are affected because the flaw was patched in that update. The vulnerability is present in the system’s file‑system protection mechanisms, so any macOS device running an older version without the update is at risk.

Risk and Exploitability

The CVSS base score of 7.5 indicates a high risk of damage. EPSS is below 1%, suggesting few attackers have attempted or succeeded in exploiting this weakness, and it is not listed in CISA’s KEV catalog. Likely exploitation requires local or remote code execution via a malicious application that bypasses the incorrect authorization logic; the attack surface appears to be the app installation or execution path. Because the vector is not described in detail, the exact method is inferred. The overall risk remains moderate to high for systems that have not applied the 15.1 update.

Generated by OpenCVE AI on April 3, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to version Sequoia 15.1 or later
  • Verify that the update is installed by checking the system version
  • Enable System Integrity Protection to restrict modifications to protected files
  • Monitor system directories and review application access logs for unauthorized changes



Advisories

No advisories yet.

History

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Title Malicious application may modify protected filesystem areas in macOS

Fri, 03 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Malicious application may modify protected filesystem areas in macOS
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T19:55:04.427Z

Reserved: 2024-08-20T21:45:40.799Z

Link: CVE-2024-44303

Vulnrichment

Updated: 2026-04-02T19:53:36.947Z

NVD

Status: Analyzed

Published: 2026-04-02T19:18:38.960

Modified: 2026-04-03T17:53:39.037

Link: CVE-2024-44303

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:17:13Z
