CVE-2024-44273

Published: Oct 28, 2024Modified: Apr 2, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to access private information.

Affected (6)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Visionos, Watchos

6 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 18.1
Apple Iphone Os	Before 18.1
Apple Macos	Before 14.7.1
Apple Tvos	Before 18.1
Apple Visionos	Before 2.1
Apple Watchos	Before 11.1

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.