Overview
- Description
- This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
- Source
- product-security@apple.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
https://t.co/WYpJ6ScViw CVE-2024-44258: Symlink Vulnerability in ManagedConfiguration Framework #github #exploit
@ksg93rd
7 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-49328 WP REST API FNS <= 1.0 - Privilege Escalation https://t.co/CaLIZIjpjx 2. CVE-2024-44258: Symlink Vulnerability in Apple ManagedConfiguration Framework https://t.co/WYpJ6ScnsY
@ksg93rd
7 Nov 2024
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-49328 WP REST API FNS <= 1.0 - Privilege Escalation https://t.co/B2XQSmM1Si 2. CVE-2024-44258: Symlink Vulnerability in Apple ManagedConfiguration Framework https://t.co/ZSG5HB1MBI
@akaclandestine
7 Nov 2024
1849 Impressions
10 Retweets
26 Likes
8 Bookmarks
0 Replies
0 Quotes
iOSにおける深刻なシンボリックリンクの脆弱性CVE-2024-44258に対応するPoC(攻撃の概念実証コード)が公開された。バックアップ復旧プロセスを操作することで制限された領域にアクセスし、機微ファイルの露出につながる可能性があるもの。 https://t.co/y0wDaUt8hO
@__kokumoto
6 Nov 2024
1529 Impressions
10 Retweets
20 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-44258 Write-Up: This represents a potential method for jailbreaking, but it's only one part of the broader jailbreaking process. https://t.co/PMJwT0ZVvj
@ZeeIpaLibrary
4 Nov 2024
5080 Impressions
5 Retweets
34 Likes
8 Bookmarks
1 Reply
0 Quotes
Check-out the full write-up about CVE-2024-44258 in my official GitHub page : https://t.co/lNooUHh9Nk
@hichem_ifpdz
2 Nov 2024
12242 Impressions
18 Retweets
94 Likes
23 Bookmarks
14 Replies
0 Quotes
🗞️SparseRestore was fixed with the iOS 18.1 Release (CVE-2024-44258). This issue was adressed to Apple by peopel behind iRemoval PRO and Minacriss Tools –iCloud Bypass Software using exploits to activate iPhones 🤣 https://t.co/Z4O4ZLGgvz #SparseRestore #misakaX #Nugget #iOS18
@onejailbreak_
28 Oct 2024
4894 Impressions
7 Retweets
35 Likes
7 Bookmarks
1 Reply
1 Quote
CVE-2024-44258 By ifpdz & Mina 🥋 https://t.co/BgQs6gANXK
@hichem_ifpdz
28 Oct 2024
11176 Impressions
10 Retweets
79 Likes
3 Bookmarks
20 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F42291CA-6AC4-4F11-AC23-B3FE25139483",
"versionEndExcluding": "17.7.1"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012",
"versionEndExcluding": "18.1",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "468FFF6F-879C-4AF4-BC42-6A1AA30441C3",
"versionEndExcluding": "17.7.1"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5",
"versionEndExcluding": "18.1",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D57FCAE-9B33-4532-BC69-BC3D35719EDB",
"versionEndExcluding": "18.1"
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80",
"versionEndExcluding": "2.1"
}
],
"operator": "OR"
}
]
}
]