CVE-2024-44264 | THREATINT

Description

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious app may be able to create symlinks to protected regions of the disk.

PUBLISHED Reserved 2024-08-20 | Published 2024-10-28 | Updated 2026-04-02 | Assigner apple

Problem types

A malicious app may be able to create symlinks to protected regions of the disk

Product status

Any version before 13.7.1

affected

Any version before 14.7.1

affected

Any version before 15.1

affected

References

seclists.org/fulldisclosure/2024/Oct/13

seclists.org/fulldisclosure/2024/Oct/12

seclists.org/fulldisclosure/2024/Oct/11

support.apple.com/en-us/121564

support.apple.com/en-us/121568

support.apple.com/en-us/121570

cve.org (CVE-2024-44264)

nvd.nist.gov (CVE-2024-44264)

Download JSON