CVE-2024-44182: Infoleak
Published Sep 16, 2024
·Updated
Accounts. A permissions issue was addressed with additional restrictions.
Credit
Kirin@@Pwnrin, Stephan Casas, an anonymous researcher, Mickey Jin@@patch1t, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Anton Boegler, Snoolie Keffaber@@0xilis, Csaba Fitzl@@theevilbit(Kandji), Denis Tokarev@@illusionofcha0s, dw0r(ZeroPointer Lab working with Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Antonio Zekić, Andrew Lytvynov, Rodolphe BRUNETTI@@eisw0lf, Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Olivier Levon, ajajfxhj, Rifa'i Rejal Maynando, Zhongquan Li@@Guluisacat, Kirin@@Pwnrin(NorthSea), luckyu@@uuulucky(NorthSea), Bohdan Stasiuk@@Bohdan_Stasiuk, CVE-2024-44129, Pwn2car(Trend Micro Zero Day Initiative), Holger Fuhrmannek, Junsung Lee, Pedro José Pereira Vieito@@pvieito, Arsenii Kostromin (0x3c3e), Yiğit Can YILMAZ@@yilmazcanyigit, Pedro Tôrres@@t0rr3sp3dr0, CVE-2024-44130, Halle Winkler, Politepix@@hallewinkler, Rodolphe Brunetti@@eisw0lf, CVE-2023-4504, @@08Tc3wBB(Jamf), Alexander Heinrich, SEEMOO, DistriNet, KU Leuven@@vanhoefm, TU Darmstadt@@Sn0wfreeze, Mathy Vanhoef, Jeff Johnson (underpassapp.com), OSS-Fuzz(Google Project Zero), Ned Williamson(Google Project Zero), CVE-2023-5841, Meng Zhang (鲸落)(NorthSea), Brian McNulty(Computer Science), Cristian Dinca(Computer Science), Romania, Vaibhav Prajapati, CVE-2024-39894, Wojciech Regula(SecuRing), Narendra Bhati(Cyber Security at Suma Soft Pvt), Manager(Cyber Security at Suma Soft Pvt), Pune (India), Yiğit Can YILMAZ@@yilmazcanyigit(SecuRing), 냥냥, Vivek Dhar, working as Assistant Sub-Inspector (RM) in Border Security Force (Frontier Headquarter BSF Kashmir), Om Kothawade(the UNTHSC College of Pharmacy), Omar A. Alanis(the UNTHSC College of Pharmacy), Bistrit Dahal, Matej Moravec@@MacejkoMoravec, K宝, LFY@@secsys, Smi1e, yulige, Cristian Dinca (icmd.tech), Ron Masas(BreakPoint), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), CVE-2024-41957, Narendra Bhati(Cyber Security At Suma Soft Pvt), Manager(Cyber Security At Suma Soft Pvt), Tashita Software Security, Ron Masas, Hafiizh(HakTrak), YoKo Kho@@yokoacc(HakTrak), Tim Michaud@@TimGMichaud(Moveworks), Antonio Zekic@@antoniozekic, ant4g0nist, Charly Suchanek, CVE-2024-44134, Preet Dsouza (Fleming College, Computer Security & Investigations Program), Domien Schepers, Tim Clem, Gergely Kalman@@gergely_kalman, Koh M. Nakagawa@@tsunek0h
Affected Software
5 affected componentsFixes available
Apple macOS<14.7
14.7
macOS<15
15
macOS<13.7
macOS>=14.0<14.7
macOS Ventura<13.7
13.7
Event History
Sep 16, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
CVE Published
via MITRE·11:22 PM
Data Sourced
via MITRE·11:22 PM
DescriptionWeakness
Sep 17, 2024
Data Sourced
via NVD·12:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2024-44182?
CVE-2024-44182 has been rated with a moderate severity level due to the permissions issue it addresses.
2
How do I fix CVE-2024-44182?
To fix CVE-2024-44182, update your macOS to the latest version that addresses the permissions issue.
3
Which versions of macOS are affected by CVE-2024-44182?
CVE-2024-44182 affects macOS versions prior to 13.7 and between 14.0 and 14.7.
4
What type of issue is described in CVE-2024-44182?
CVE-2024-44182 describes a permissions issue that has been addressed with additional restrictions and improved checks.
5
Is my device vulnerable to CVE-2024-44182 if I have macOS 14.0?
Yes, if you are running macOS 14.0, your device is vulnerable to CVE-2024-44182 and should be updated.