CVE-2024-44258

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Oct 28, 2024

CVSS 7.1 (High), EPSS 0.05%

Description: This issue was addressed with improved handling of symlinks.

Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Timeline

Vendor Advisory

Apple released a security advisory (121567).

Oct 28, 2024 at 4:00 PM
Vendor Advisory

Apple released a security advisory (121569).

Oct 28, 2024 at 4:00 PM
Vendor Advisory

Apple released a security advisory (121566).

Oct 28, 2024 at 4:00 PM
Vendor Advisory

Apple released a security advisory (121563).

Oct 28, 2024 at 4:01 PM
First Article

Feedly found the first article mentioning CVE-2024-44258.

Oct 28, 2024 at 4:04 PM / Main stream | The Taggart Institute Intel Center
CVE Assignment

NVD published the first details for CVE-2024-44258

Oct 28, 2024 at 9:15 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.7%)

Oct 29, 2024 at 9:40 AM
CVSS

A CVSS base score of 7.1 has been assigned.

Oct 30, 2024 at 6:30 PM / nvd
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (610589)

Oct 31, 2024 at 7:53 AM

Affected Systems

Apple/tvos

Patches

Apple

Links to MITRE ATT&CK

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-132: Symlink Attack

Vendor Advisory

About the security content of tvOS 18.1 - Apple Support
Impact: Processing maliciously crafted web content may lead to an unexpected process crash

References

About the security content of tvOS 18.1 - Apple Support
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
About the security content of iOS 17.7.1 and iPadOS 17.7.1 - Apple Support
Impact: Processing a maliciously crafted file may lead to unexpected app termination

News

GitHub - ifpdz/CVE-2024-44258: CVE-2024-44258 [app]
CVE-2024-44258 is a symlink vulnerability in Apple devices' ManagedConfiguration framework and profiled daemon, allowing unauthorized file migration into restricted areas during backup restoration, which was addressed by Apple through improved symlink handling to prevent unauthorized data access or privilege escalation.
SANS NewsBites Vol. 26 Num. 86 : Google Cloud is Rolling Out Mandatory MFA; Interpol Operation Targets Ransomware, Phishing, and Info Stealers; German Legislation Aims to Protect Legitimate Cybersecurity Research
The 26-year-old was taken into custody under a provisional US arrest warrant, and appeared in court on November 5, 2024 "as part of extradition proceedings." Mandiant has been tracking threat cluster UNC5537 and its compromise and sale of Snowflake-stored data since April, 2024, and believes that the cloud storage accounts were breached using credentials previously stolen and leaked in infostealer attacks; the accounts in question were not protected by MFA. On Wednesday, November 6, Cisco released updates to address a critical command injection vulnerability in the web-based management interface of their Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points.
ISC StormCast for Thursday, November 7th, 2024
Insights from August Web Traffic Surge https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/ Talkative Air Fryer https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c Pygmy Goat Malware Report https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports Apple CVE-2024-44258 PoC Exploit https://github.com/if
PoC Exploit Releases for Critical Symlink Flaw in Apple’s iOS – CVE-2024-44258
When restoring a crafted backup, the migration fails to verify if the destination folder is a symlink, allowing files to be redirected to protected locations. This vulnerability allows attackers to manipulate the backup restoration process to access restricted areas, potentially exposing sensitive system files.
US-CERT Vulnerability Summary for the Week of October 28, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores: High: vulnerabilities with a CVSS base score of 7.0–10.0; Medium: vulnerabilities with a CVSS base score of 4.0–6.9; Low: vulnerabilities with a CVSS base score of 0.0–3.9. Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability Impact: High
