- Description
- This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
맥 OS(Mac OS)CVE-2024-44175 취약점 간단 분석 https://t.co/ogO6fEeyr1 #맥os #macOS
@sakaijjang
19 Dec 2024
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2023-5717: Linux Kernel Perf OOB write https://t.co/OrswxjrtZb 2. CVE-2023-32428: macOS LPE via Malloc Stack Logging https://t.co/rvTmmxSNLh ]-> PoC 3. CVE-2024-44175: macOS diskarbitrationd Symlink Validation (TOCTOU LPE) https://t.co/sK8bF6BUIH
@ksg93rd
30 Nov 2024
255 Impressions
5 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending Security Vulnerabilities to Watch Out For: CVE-2024-44175 CVE-2024-37397 CVE-2024-7591 CVE-2024-36401 #infosec
@UAFnUg
28 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2024-44175: macOS diskarbitrationd Symlink Validation A TOCTOU vulnerability in macOS's diskarbitrationd enables sandbox escape and privilege escalation attacks through the exploitation of symbolic links. https://t.co/4C8EEmAkFP
@hackyboiz
27 Nov 2024
3077 Impressions
17 Retweets
42 Likes
14 Bookmarks
0 Replies
0 Quotes
🍎🐛🎙️Following my #poc2024 talk we are releasing a blogpost series @KandjiMDM detailing the vulnerabilities of diskarbitrationd and storagekitd I discussed in my "Apple Disk-O Party" talk. First part is out, and covers CVE-2024-44175. https://t.co/IJzpHDOxjn
@theevilbit
8 Nov 2024
4037 Impressions
22 Retweets
75 Likes
22 Bookmarks
2 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20977171-B964-4F89-AF53-6136003EDDB2",
"versionEndExcluding": "14.7.1"
}
],
"operator": "OR"
}
]
}
]