CVE-2024-44228

CWE-276 โ€” Incorrect Default Permissions4 documents4 sources
Severity
7.5HIGH
EPSS
0.2%
top 60.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Xcode
Timeline
PublishedOct 28

Description

This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

โ–ถCVEListV5apple/xcode< 16
โ–ถNVDapple/xcode< 16.0

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-rj6f-j453-ffwx: This issue was addressed with improved permissions checkingโ†—2024-10-28
โ–ถ
CVEList
CVE-2024-44228: This issue was addressed with improved permissions checkingโ†—2024-10-28
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Apple
CVE-2024-44228: Xcode 16โ†—2024-09-16
โ–ถ