CVE-2024-44132

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
References
Link Resource
https://support.apple.com/en-us/121238 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

12 Dec 2024, 15:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 8.8
References () https://support.apple.com/en-us/121238 - () https://support.apple.com/en-us/121238 - Vendor Advisory
CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CWE CWE-59
First Time Apple
Apple macos

17 Sep 2024, 20:35

Type Values Removed Values Added
Summary
  • (es) Este problema se solucionó con un manejo mejorado de los enlaces simbólicos. Este problema se solucionó en macOS Sequoia 15. Es posible que una aplicación pueda salir de su entorno limitado.
CWE CWE-61
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.4

17 Sep 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 00:15

Updated : 2024-12-12 15:07


NVD link : CVE-2024-44132

Mitre link : CVE-2024-44132

CVE.ORG link : CVE-2024-44132


JSON object : View

Products Affected

apple

  • macos
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-61

UNIX Symbolic Link (Symlink) Following