CVE-2024-44178

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Sep 17, 2024 / Updated: 2mo ago

010
CVSS 5.5EPSS 0.05%Medium
CVE info copied to clipboard

Summary

This vulnerability affects macOS systems and allows an app to modify protected parts of the file system. The issue is related to improper validation of symlinks.

Impact

If exploited, an attacker could potentially modify protected areas of the file system, leading to system integrity compromise. This could result in unauthorized changes to critical system files, potentially leading to further system compromise or data manipulation.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Patches are available. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, and macOS Sequoia 15.

Mitigation

Update affected systems to the latest patched versions: macOS Ventura 13.7, macOS Sonoma 14.7, or macOS Sequoia 15. If immediate patching is not possible, limit access to local systems and monitor for suspicious file system activities.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-44178. See article

Sep 16, 2024 at 6:59 PM / Apple Support
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (207287)

Sep 16, 2024 at 11:15 PM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 16, 2024 at 11:32 PM
CVE Assignment

NVD published the first details for CVE-2024-44178

Sep 17, 2024 at 12:15 AM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 17, 2024 at 12:32 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (380504)

Sep 17, 2024 at 7:53 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (380505)

Sep 17, 2024 at 7:53 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.3%)

Sep 17, 2024 at 10:05 AM
CVSS

A CVSS base score of 5.5 has been assigned.

Sep 24, 2024 at 4:30 PM / nvd
Static CVE Timeline Graph

Affected Systems

Apple/macos
+null more

Patches

support.apple.com
+null more

Links to Mitre Att&cks

T1547.009: Shortcut Modification
+null more

Attack Patterns

CAPEC-132: Symlink Attack
+null more

Vendor Advisory

About the security content of macOS Sequoia 15
Impact: An app may be able to access user-sensitive data Impact: An app may be able to access sensitive user data

References

About the security content of macOS Sonoma 14.7 - Apple Support
Impact: An app may be able to access user-sensitive data Impact: An app may be able to access sensitive user data
About the security content of macOS Sequoia 15
Impact: An app may be able to access user-sensitive data Impact: An app may be able to access sensitive user data
About the security content of macOS Sonoma 14.7
Impact: An app may be able to access user-sensitive data Impact: An app may be able to access sensitive user data

News

US-CERT Vulnerability Summary for the Week of September 16, 2024
n/a–n/a An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID. 2024-09-18 not yet calculated CVE-2023-28452 [email protected] [email protected] n/a–n/a Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. 2024-09-18 not yet calculated CVE-2023-41611 [email protected] Google–Nest Wifi Pro U-Boot environment is read from unauthenticated partition. 2024-09-16 not yet calculated CVE-2024-22013 [email protected] Apple–macOS The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service. 2024-09-17 not yet calculated CVE-2024-23237 [email protected] n/a–n/a Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. 2024-09-19 not yet calculated CVE-2024-25673 [email protected] [email protected] [email protected] Apple–macOS A permissions issue was addressed with additional restrictions.
Apple Security Advisory 09-16-2024-2
Apple Security Advisory 09-16-2024-2 - macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
NA - CVE-2024-44178 - This issue was addressed with improved...
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the...
CVE-2024-44178 | Apple macOS up to 13.6/14.6 symlink
A vulnerability, which was classified as critical , has been found in Apple macOS up to 13.6/14.6 . Affected by this issue is some unknown functionality. The manipulation leads to symlink following. This vulnerability is handled as CVE-2024-44178 . An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
APPLE-SA-09-16-2024-9 macOS Sonoma 14.7
CVE-2024-44154: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to access sensitive user data Description: The issue was addressed with additional code-signing restrictions. CVE-2024-40848: Mickey Jin (@patch1t) AppleVA Available for: macOS Sonoma Impact: Processing a maliciously crafted video file may lead to unexpected app termination Description: An out-of-bounds write issue was addressed with improved bounds checking.
See 20 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:High
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI