CVE-2024-44132Link Following in Apple Macos

CWE-59Link FollowingCWE-61UNIX Symbolic Link (Symlink) Following3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 66.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple Macos Sequoia
Timeline
PublishedSep 17

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

CVEListV5apple/macos< 15
NVDapple/macos< 15.0

🔴Vulnerability Details

1
GHSA
GHSA-56gf-j26c-43xh: This issue was addressed with improved handling of symlinks2024-09-17

📋Vendor Advisories

1
Apple
CVE-2024-44132: macOS Sequoia 152024-09-16