CVE-2024-44255 | THREATINT

Description

A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.

PUBLISHED Reserved 2024-08-20 | Published 2024-10-28 | Updated 2025-11-03 | Assigner apple

Problem types

A malicious app may be able to run arbitrary shortcuts without user consent

Product status

Any version before 14.7

affected

Any version before 2.1

affected

Any version before 13.7

affected

Any version before 18.1

affected

Any version before 11.1

affected

Any version before 18.1

affected

References

seclists.org/fulldisclosure/2024/Oct/16

seclists.org/fulldisclosure/2024/Oct/15

seclists.org/fulldisclosure/2024/Oct/13

seclists.org/fulldisclosure/2024/Oct/12

seclists.org/fulldisclosure/2024/Oct/11

seclists.org/fulldisclosure/2024/Oct/9

support.apple.com/en-us/121570

support.apple.com/en-us/121566

support.apple.com/en-us/121568

support.apple.com/en-us/121569

support.apple.com/en-us/121565

support.apple.com/en-us/121563

cve.org (CVE-2024-44255)

nvd.nist.gov (CVE-2024-44255)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu