CVE-2024-44264
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Published: Oct 28, 2024
010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard
Description: The issue was addressed with improved checks.Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Timeline
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (380785)
Oct 28, 2024 at 7:53 AM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (380784)
Oct 28, 2024 at 7:53 AM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (380786)
Oct 28, 2024 at 7:53 AM
First Article
Feedly found the first article mentioning CVE-2024-44264. See article
Oct 28, 2024 at 4:04 PM / Main stream | The Taggart Institute Intel Center
CVE Assignment
NVD published the first details for CVE-2024-44264
Oct 28, 2024 at 9:15 PM
EPSS
EPSS Score was set to: 0.04% (Percentile: 9.9%)
Oct 29, 2024 at 9:41 AM
Affected Systems
Apple/macos
+null more
Patches
Apple
+null more
Links to Mitre Att&cks
T1547.009: Shortcut Modification
+null more
Attack Patterns
CAPEC-132: Symlink Attack
+null more
Vendor Advisory
About the security content of macOS Sonoma 14.7.1 - Apple Support
Description: An information disclosure issue was addressed with improved private data redaction for log entries. Description: An information disclosure issue was addressed with improved private data redaction for log entries.
References
About the security content of macOS Sonoma 14.7.1 - Apple Support
Description: An information disclosure issue was addressed with improved private data redaction for log entries. Description: An information disclosure issue was addressed with improved private data redaction for log entries.
About the security content of macOS Sequoia 15.1 - Apple Support
Impact: Impact: A malicious app with root privileges may be able to modify the contents of system files Impact: Impact: A malicious app may be able to access private information
News
US-CERT Vulnerability Summary for the Week of October 28, 2024
abdullahirfan — documentpress Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS.This issue affects DocumentPress: from n/a through 2.1. 2024-10-29 6.1 CVE-2024-49656 [email protected] abdullahirfan — whitelist Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through 3.5. 2024-10-29 6.1 CVE-2024-49643 [email protected] AffiliateX–AffiliateX Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AffiliateX allows Stored XSS.This issue affects AffiliateX: from n/a through 1.2.9. 2024-10-29 6.5 CVE-2024-49692 [email protected] Ahmed Kaludi, Mohammed Kaludi–AMP for WP Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1. 2024-11-01 6.3 CVE-2024-43146 [email protected] Alex Volkov–WP Accessibility Helper (WAH) Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
An attacker with physical access to a locked device may be able to view sensitive user information. A malicious app with root privileges may be able to modify the contents of system files.
Apple Security Advisory 10-28-2024-3
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
APPLE-SA-10-28-2024-5 macOS Ventura 13.7.1
CVE-2024-44270: Mickey Jin (@patch1t) AppleMobileFileIntegrity Available for: macOS Ventura Impact: An app may be able to modify protected parts of the file system Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji Find My Available for: macOS Ventura Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries.
APPLE-SA-10-28-2024-4 macOS Sonoma 14.7.1
CVE-2024-44270: Mickey Jin (@patch1t) AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. CVE-2024-40855: Csaba Fitzl (@theevilbit) of Kandji Find My Available for: macOS Sonoma Impact: An app may be able to read sensitive location information Description: A privacy issue was addressed with improved private data redaction for log entries.
See 15 more articles and social media posts