CVE-2024-44201: Use After Free
Published Oct 28, 2024
·Updated
Accessibility. The issue was addressed with improved authentication.
Other sources
Accounts. A logic issue was addressed with improved file handling.
— Apple
Apache. This is a vulnerability in open source code and Apple Software among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
— Apple
APFS. This issue was addressed through improved state management.
— Apple
App Support. A path handling issue was addressed with improved logic.
— Apple
Apple Software Restore. The issue was addressed with improved checks.
— Apple
Credit
an anonymous researcher, Ben Roeder, CVE-2024-45490, Guilherme Rambo(Best Buddy Apps), 风沐云烟@@binary_fmyy, Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Jacob Braun, Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative), Abhay Kailasia@@abhay_kailasia(C), Seunghyun Lee, Gary Kwong, sohybbyk, Joseph Ravichandran@@0xjprx(MIT CSAIL), Benjamin Hornbeck(ZUSO ART), Skadz@@skadz108(ZUSO ART), Chi Yuan Chang(ZUSO ART), taikosoup, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), Arsenii Kostromin (0x3c3e), Mickey Jin@@patch1t(Kandji), Csaba Fitzl@@theevilbit(Kandji), D4m0n, Mickey Jin@@patch1t, CertiK SkyFall Team, Dillon Franke(Google Project Zero), Michael Cohen, D’Angelo Gonzalez(CrowdStrike), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Kirin@@Pwnrin, 7feilee, Bohdan Stasiuk@@Bohdan_Stasiuk, Halle Winkler, Politepix (theoffcuts.org), Amy@@asentientbot, Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Rodolphe BRUNETTI@@eisw0lf, CVE-2024-45306, Politepix theoffcuts.org, Trent Lloyd@@lathiat, K宝@@Pwnrin, pattern-f@@pattern_F_(Loadshine Lab), Hikerell(Loadshine Lab), Wang Yu(Cyberserval), Jex Amro, Ye Zhang@@VAR10CK(Baidu Security), Ziyi Zhou Jiao Tong University)@@Shanghai, Tianxiao Hou Jiao Tong University)@@Shanghai, Mateusz Krzywicki@@krzywix, Hichem Maloufi, Christian Mina, Ismail Amzdak, Nimrat Khalsa, James Gill @infosec.exchange)@@jjtech, Dragon Fruit Security (Davis Dai, ORAC Luoyun, Frank Du cooperative discovery), an anonymous researcher(Dawn Security Lab of JD), Yinyi Wu@@_3ndy1(Dawn Security Lab of JD), Narendra Bhati(Cyber Security at Suma Soft Pvt), Manager(Cyber Security at Suma Soft Pvt), Pune (India), Lucas Di Tomase, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), (Indiana University Bloomington), Luyi Xing(Indiana University Bloomington), Bistrit Dahal, Kenneth Chew, Rodolphe Brunetti@@eisw0lf, Abhay Kailasia@@abhay_kailasia(Lakshmi Narain College of Technology Bhopal India), Srijan Poudel, Cristian Dinca (icmd.tech), Rizki Maulana (rmrizki.my.id), Dalibor Milanovic, Richard Hyunho Im with Route Zero Security@@richeeta, Braylon@@softwarescool, Wojciech Regula(SecuRing), Q1IQ@@q1iqF, P1umer@@p1umer, Ivan Fratric(Google Project Zero), Matthew Butler, Jake Derouin, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, Alexandre Bedard, Ronny Stiftel, Zhongquan Li@@Guluisacat, Garrett Moon(Excited Pixel LLC), Toomas Römer, Jaime Bertran, Noah Gregory (wts.dev), Un3xploitable(CW Research Inc), Bohdan Stasiuk@@Bohdan_Stasiuk(CW Research Inc), Pedro Tôrres@@t0rr3sp3dr0, Ryan Dowd@@_rdowd, Gergely Kalman@@gergely_kalman, Csaba Fitzl@@theevilbit, dw0r!(Trend Micro Zero Day Initiative)
Affected Software
11 affected componentsFixes available
macOS<15.1
15.1
Apple iOS and iPadOS<18.1
18.1
Apple iOS, iPadOS, and macOS<18.1
18.1
Apple iOS, iPadOS, and macOS<17.7.3
Apple iOS, iPadOS, and macOS>=18.0<18.1
iPhone OS<18.1
macOS>=13.0<13.7.2
macOS>=14.0<14.7.2
Apple iOS, iPadOS, and macOS<17.7.3
17.7.3
Apple macOS<14.7.2
14.7.2
macOS Ventura<13.7.2
13.7.2
Event History
Oct 28, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Dec 11, 2024
CVE Published
via MITRE·10:59 PM
Data Sourced
via MITRE·10:59 PM
DescriptionWeakness
Dec 12, 2024
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2024-54488
- CVE-2024-54486
- CVE-2024-54500
- CVE-2024-54468
- CVE-2024-54494
- CVE-2024-54510
- CVE-2024-44245
- CVE-2024-44201
- CVE-2024-45490
- CVE-2025-24091
- CVE-2024-44225
- CVE-2024-54492
- CVE-2024-44246
- CVE-2024-54501
- CVE-2024-54485
- CVE-2024-54479
- CVE-2024-54505
- CVE-2024-54541
- CVE-2024-54477
- CVE-2024-44220
- CVE-2024-54527
- CVE-2024-54526
- CVE-2024-54509
- CVE-2024-54529
- CVE-2024-44300
- CVE-2024-54466
- CVE-2024-54489
- CVE-2024-54547
- CVE-2024-54519
- CVE-2024-54478
- CVE-2024-54514
- CVE-2024-54474
- CVE-2024-54476
- CVE-2024-54537
- CVE-2024-44248
- CVE-2024-54557
- CVE-2024-54516
- CVE-2024-54528
- CVE-2024-54498
- CVE-2024-44291
- CVE-2024-44224
- CVE-2024-54495
- CVE-2024-54520
- CVE-2024-54475
- CVE-2024-45306
- CVE-2024-54539
- CVE-2024-44274
- CVE-2024-44255
- CVE-2024-44232
- CVE-2024-44233
- CVE-2024-44234
- CVE-2024-54535
- CVE-2024-44273
- CVE-2024-44240
- CVE-2024-44302
- CVE-2024-44282
- CVE-2024-40854
- CVE-2024-44215
- CVE-2024-44297
- CVE-2024-44299
- CVE-2024-44241
- CVE-2024-44242
- CVE-2024-44238
- CVE-2024-44285
- CVE-2024-40867
- CVE-2024-44239
- CVE-2024-44258
- CVE-2024-44252
- CVE-2024-44277
- CVE-2024-44259
- CVE-2024-44229
- CVE-2024-44218
- CVE-2024-54538
- CVE-2024-44254
- CVE-2024-44269
- CVE-2024-54470
- CVE-2024-44194
- CVE-2024-40851
- CVE-2024-44263
- CVE-2024-44278
- CVE-2024-44200
- CVE-2024-44251
- CVE-2024-44235
- CVE-2024-44261
- CVE-2024-44290
- CVE-2024-44212
- CVE-2024-44296
- CVE-2024-44244
- CVE-2024-54556
- CVE-2024-39573
- CVE-2024-38477
- CVE-2024-38476
- CVE-2024-44270
- CVE-2024-44280
- CVE-2024-44260
- CVE-2024-44298
- CVE-2024-44295
- CVE-2024-54554
- CVE-2024-44213
- CVE-2024-44289
- CVE-2024-44265
- CVE-2024-44216
- CVE-2024-44287
- CVE-2024-44197
- CVE-2024-44286
- CVE-2024-40849
- CVE-2024-44231
- CVE-2024-44223
- CVE-2024-44222
- CVE-2024-44256
- CVE-2024-54471
- CVE-2024-44292
- CVE-2024-44293
- CVE-2024-44247
- CVE-2024-44267
- CVE-2024-44301
- CVE-2024-44275
- CVE-2024-44303
- CVE-2024-44156
- CVE-2024-44159
- CVE-2024-44253
- CVE-2024-44294
- CVE-2024-44196
- CVE-2024-40858
- CVE-2024-44195
- CVE-2024-44219
- CVE-2024-44211
- CVE-2024-44236
- CVE-2024-44237
- CVE-2024-44279
- CVE-2024-44281
- CVE-2024-44283
- CVE-2024-44284
- CVE-2024-44210
- CVE-2024-44264
- CVE-2024-44257
- CVE-2024-44250
Frequently Asked Questions
1
What is the severity of CVE-2024-44201?
CVE-2024-44201 has been classified as a high severity vulnerability due to the potential for unauthorized access resulting from logic issues in file handling.
2
How do I fix CVE-2024-44201?
To mitigate CVE-2024-44201, users should update their affected Apple products to the latest versions as specified in the security advisory.
3
What products are affected by CVE-2024-44201?
CVE-2024-44201 affects various versions of macOS Ventura, macOS Sonoma, macOS Sequoia, iOS, and iPadOS.
4
Is there any workaround for CVE-2024-44201?
There are no known workarounds for CVE-2024-44201; the best course of action is to apply the recommended updates.
5
What type of vulnerability is CVE-2024-44201?
CVE-2024-44201 is categorized as a logic issue related to file handling that affects the accessibility of user accounts.