CVE-2024-44131: This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to...

Description

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.

Classification

CVE ID: CVE-2024-44131

Problem Types

An app may be able to access sensitive user data

Affected Products

Vendor: Apple, Apple

Product: macOS, iOS and iPadOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.14% (probability of being exploited)

EPSS Percentile: 35.37% (scored less or equal to compared to others)

EPSS Date: 2025-04-23 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-44131
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121250

Timeline

2024-12-12 12:45:15 UTC
TheHackerNews

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
2025-03-25 17:40:36 UTC
CVE

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to...