5.5
MEDIUM
CVE-2024-44243
Apple macOS Sequoia File System Privilege Escalation
Description

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system.

INFO

Published Date :

Dec. 12, 2024, 2:15 a.m.

Last Modified :

Dec. 20, 2024, 7:15 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2024-44243 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-44243 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Apple macos
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-44243.

URL Resource
https://support.apple.com/en-us/121839 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
yo-yo-yo-jbo/yo-yo-yo-jbo.github.io

None

Updated: 2 weeks, 5 days ago
0 stars 1 fork 1 watcher
Born at : April 4, 2023, 5:52 p.m. This repo has been linked 21 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-44243 vulnerability anywhere in the article.

  • seclists.org
APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3

Full Disclosure mailing list archives From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org> Date: Mon, 27 Jan 2025 14:53:27 -0800 -----BEGIN PGP SIGNED MESSAGE----- Hash: SH ... Read more

Published Date: Jan 28, 2025 (3 weeks, 3 days ago)
CVE-2025-24176 CVE-2025-24174 CVE-2025-24166 CVE-2025-24163 CVE-2025-24161 CVE-2025-24160 CVE-2025-24159 CVE-2025-24156 CVE-2025-24154 CVE-2025-24151 ...+31 more CVE
  • TheCyberThrone
CVE-2025-0107 PoC Exploit Code Released for PaloAlto Flaw

Background:CVE-2025-0107 is a critical OS command injection vulnerability discovered in Palo Alto Networks’ Expedition Tool, version 1.2.101 and earlier. Recently, security researchers released a Proo ... Read more

Published Date: Jan 19, 2025 (1 month ago)
CVE-2024-7344 CVE-2025-0107 CVE-2024-5594 CVE-2024-52046 CVE-2024-54677 CVE-2024-50379 CVE-2024-44243 CVE-2024-27397
  • The Hacker News
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Sal ... Read more

Published Date: Jan 18, 2025 (1 month ago)
CVE-2025-0282 CVE-2024-44243
  • The Hacker News
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Firmware Security / Vulnerability Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authenticatio ... Read more

Published Date: Jan 17, 2025 (1 month ago)
CVE-2024-44243 CVE-2024-52558 CVE-2024-52320 CVE-2024-48871
  • TheCyberThrone
CVE-2025-23082 impacts Veeam Backup for Microsoft Azure

CVE-2025-23082 is a high-severity security vulnerability identified in Veeam Backup for Microsoft Azure, a solution designed to protect workloads running in Microsoft’s Azure cloud environment. This v ... Read more

Published Date: Jan 17, 2025 (1 month ago)
CVE-2023-37936 CVE-2025-23082 CVE-2024-50603 CVE-2024-5594 CVE-2024-44243 CVE-2024-38193
  • TheCyberThrone
CVE-2023-37936 impacts Fortinet FortiSwitch

CVE-2023-37936 is a critical security vulnerability identified in Fortinet FortiSwitch devices. This vulnerability is particularly severe due to its potential to allow unauthorized code execution, lea ... Read more

Published Date: Jan 16, 2025 (1 month ago)
CVE-2024-55591 CVE-2023-37936 CVE-2024-12398 CVE-2024-5594 CVE-2024-44243 CVE-2024-47575
  • The Hacker News
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Vulnerability / Cybersecurity Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) sys ... Read more

Published Date: Jan 16, 2025 (1 month ago)
CVE-2024-7344 CVE-2024-44243
  • The Hacker News
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid m ... Read more

Published Date: Jan 16, 2025 (1 month ago)
CVE-2024-44243 CVE-2017-11882
  • TheCyberThrone
Ivanti fixes Critical Security Vulnerabilities in EPM

OverviewIvanti has recently addressed multiple critical and high-severity vulnerabilities in its Endpoint Manager (EPM) software. These vulnerabilities could allow unauthorized access, remote code exe ... Read more

Published Date: Jan 16, 2025 (1 month ago)
CVE-2024-13161 CVE-2024-13160 CVE-2024-13159 CVE-2024-13181 CVE-2024-13180 CVE-2024-13179 CVE-2024-10811 CVE-2024-10630 CVE-2024-55591 CVE-2024-12398 ...+10 more CVE
  • The Hacker News
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Endpoint Security / Ransomware Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints a ... Read more

Published Date: Jan 16, 2025 (1 month ago)
CVE-2024-44243 CVE-2024-4984 CVE-2024-3665
  • The Hacker News
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Vulnerability / Endpoint Security Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four c ... Read more

Published Date: Jan 16, 2025 (1 month ago)
CVE-2024-13161 CVE-2024-13160 CVE-2024-13159 CVE-2024-10811 CVE-2025-0070 CVE-2025-0066 CVE-2024-44243
  • TheCyberThrone
CVE-2024-50603 impacts Aviatrix with Cryptomining

CVE-2024-50603 is a critical security vulnerability identified in the Aviatrix Controller, a cloud networking platform used to manage and secure cloud infrastructure across multiple providers. This vu ... Read more

Published Date: Jan 16, 2025 (1 month ago)
CVE-2024-55591 CVE-2024-12398 CVE-2024-50603 CVE-2024-5594 CVE-2024-44243
  • TheCyberThrone
CVE-2024-44243: macOS SIP Bypass Flaw

CVE-2024-44243 is a critical vulnerability discovered in macOS that allows attackers to bypass Apple’s System Integrity Protection (SIP) by exploiting third-party kernel extensions. This vulnerability ... Read more

Published Date: Jan 15, 2025 (1 month ago)
CVE-2024-55591 CVE-2024-12398 CVE-2024-5594 CVE-2024-54677 CVE-2024-50379 CVE-2024-44243 CVE-2024-49415
  • Dark Reading
Apple Bug Allows Root Protections Bypass Without Physical Access

Source: Andrey Kryuchkov via Alamy Stock PhotoCyber defenders are encouraged to ensure systems have been updated with the latest macOS patch, which includes a fix for a vulnerability that exposed the ... Read more

Published Date: Jan 14, 2025 (1 month ago)
CVE-2024-44243
  • The Hacker News
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

Endpoint Security / Vulnerability Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to byp ... Read more

Published Date: Jan 14, 2025 (1 month, 1 week ago)
CVE-2025-0282 CVE-2024-44243 CVE-2024-44133 CVE-2023-32369 CVE-2022-22583 CVE-2021-30892
  • Cybersecurity News
Kernel Modules and Malicious Commands: Anatomy of the sysinitd Rootkit

The workflow chart of this rootkit malware | Source: FGIRThe FortiGuard Incident Response (FGIR) team has conducted a comprehensive analysis of a sophisticated Linux rootkit, shedding light on how it ... Read more

Published Date: Jan 14, 2025 (1 month, 1 week ago)
CVE-2024-44243 CVE-2024-21338
  • Cybersecurity News
Microsoft Unveils CVE-2024-44243: A macOS System Integrity Protection Bypass Through Kernel Extensions

Microsoft Defender Research Team has revealed a macOS vulnerability—CVE-2024-44243—that allows attackers to bypass Apple’s robust System Integrity Protection (SIP). SIP, a cornerstone of macOS securit ... Read more

Published Date: Jan 14, 2025 (1 month, 1 week ago)
CVE-2024-54498 CVE-2024-44243 CVE-2023-32369
  • BleepingComputer
Microsoft: macOS bug lets hackers install malicious kernel drivers

Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System I ... Read more

Published Date: Jan 13, 2025 (1 month, 1 week ago)
CVE-2024-44243 CVE-2023-32369 CVE-2022-42821 CVE-2021-30970 CVE-2021-30892
  • seclists.org
APPLE-SA-12-11-2024-3 macOS Sequoia 15.2

Full Disclosure mailing list archives From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 11 Dec 2024 16:36:26 -0700 -----BEGIN PGP SIGNED MESSAGE----- Hash: SH ... Read more

Published Date: Dec 12, 2024 (2 months, 1 week ago)
CVE-2024-54534 CVE-2024-54531 CVE-2024-54529 CVE-2024-54528 CVE-2024-54527 CVE-2024-54526 CVE-2024-54524 CVE-2024-54515 CVE-2024-54514 CVE-2024-54513 ...+34 more CVE

The following table lists the changes that have been made to the CVE-2024-44243 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Dec. 20, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • Initial Analysis by [email protected]

    Dec. 18, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions from (including) 15.0 up to (excluding) 15.2
    Changed Reference Type https://support.apple.com/en-us/121839 No Types Assigned https://support.apple.com/en-us/121839 Vendor Advisory
  • New CVE Received by [email protected]

    Dec. 12, 2024

    Action Type Old Value New Value
    Added Description A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system.
    Added Reference https://support.apple.com/en-us/121839
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-44243 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-44243 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: