CVE-2024-44213 — Insecure Storage of Sensitive Information in Apple Macos

CWE-922 — Insecure Storage of Sensitive Information5 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.1%

top 65.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Macos Sequoia Apple Macos Sonoma +1 more

Timeline

PublishedOct 28

Description

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker in a privileged network position may be able to leak sensitive user information.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶Appleapple/macos_sonoma14.7.1

▶Appleapple/macos_sequoia15.1

▶Appleapple/macos_ventura13.7.1

▶CVEListV5apple/macos< 14.7.1+1

▶NVDapple/macos14.0 — 14.7.1+1

🔴Vulnerability Details

GHSA

GHSA-5744-494c-924x: An issue existed in the parsing of URLs↗2024-10-28

▶

📋Vendor Advisories

Apple

CVE-2024-44213: macOS Sonoma 14.7.1↗2024-10-28

▶

Apple

CVE-2024-44213: macOS Ventura 13.7.1↗2024-10-28

▶

Apple

CVE-2024-44213: macOS Sequoia 15.1↗2024-10-28

▶