What is the severity of CVE-2024-23269?

CVE-2024-23269 is categorized as a moderate severity vulnerability affecting Intel-based Mac computers.

How do I fix CVE-2024-23269?

To resolve CVE-2024-23269, update your macOS to version 12.7.4, 13.6.5, or 14.4.

What systems are affected by CVE-2024-23269?

CVE-2024-23269 impacts macOS versions prior to 12.7.4, 13.6.5, and 14.4.

What type of issue is CVE-2024-23269?

CVE-2024-23269 is a downgrade vulnerability that may allow an app to modify protected parts of the file system.

Is CVE-2024-23269 a remote exploitation vulnerability?

CVE-2024-23269 does not appear to be remotely exploitable as it requires local access to the affected system.

Vulnerability/
CVE-2024-23269

medium

6.2

7/3/2024

8/3/2024

13/2/2025

CVE-2024-23269

First published: Thu Mar 07 2024(Updated: )

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.

Credit: Mickey Jin @patch1t product-security@apple.com Wojciech Regula SecuRingKirin @Pwnrin Marc Newlin SkySafem4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy Appsan anonymous researcher Csaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Joshua Jewett @JoshJewett33 Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike Pedro Tôrres @t0rr3sp3dr0 CVE-2024-23235 Xinru Chi Pangu LabCVE-2024-23225 koocola ali yabuz Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi CVE-2024-23296 Lyra Rebane (rebane2001) Matej Rabzelj CVE-2024-23238 Yiğit Can YILMAZ @yilmazcanyigit luckyu @uuulucky K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik anbu1024 SecANTPwn2car James Lee @Windowsrcer Johan Carlsson (joaxcar) Georg Felber Marco Squarcina Brian McNulty Stephan Casas CVE-2024-23291 Clemens Lang Koh M. Nakagawa FFRI Security IncMeng Zhang (鲸落) NorthSeaJubaer Alnazi @h33tjubaer Csaba Fitzl @theevilbit Offensive Security

Affected Software	Affected Version	How to fix
Apple macOS Monterey	<12.7.4	12.7.4
Apple macOS	<14.4	14.4
Apple macOS	<13.6.5	13.6.5
Apple iOS and macOS	>=12.0<12.7.4
Apple iOS and macOS	>=13.0<13.6.5
Apple iOS and macOS	>=14.0<14.4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23276
CVE-2024-23227
CVE-2024-23269
CVE-2024-23247
CVE-2024-23218
CVE-2024-23299
CVE-2024-23244
CVE-2024-23270
CVE-2024-23286
CVE-2024-23257
CVE-2024-23234
CVE-2024-23266
CVE-2024-23265
CVE-2024-23225
CVE-2024-23201
CVE-2023-28826
CVE-2024-23264
CVE-2024-23283
CVE-2024-23274
CVE-2024-23268
CVE-2024-23275
CVE-2024-23267
CVE-2024-23216
CVE-2024-23230
CVE-2024-23204
CVE-2024-23245
CVE-2024-23272
CVE-2023-40389
CVE-2024-23291
CVE-2024-27886
CVE-2024-23233
CVE-2024-23288
CVE-2024-23277
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-23258
CVE-2024-23235
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23285
CVE-2024-27809
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2023-42853
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23296
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23246
CVE-2024-23226
CVE-2024-23254
CVE-2024-23263
CVE-2024-23280
CVE-2024-23284
CVE-2024-23203
CVE-2024-23217
CVE-2024-54658
CVE-2024-27859

Frequently Asked Questions

What is the severity of CVE-2024-23269?
CVE-2024-23269 is categorized as a moderate severity vulnerability affecting Intel-based Mac computers.
How do I fix CVE-2024-23269?
To resolve CVE-2024-23269, update your macOS to version 12.7.4, 13.6.5, or 14.4.
What systems are affected by CVE-2024-23269?
CVE-2024-23269 impacts macOS versions prior to 12.7.4, 13.6.5, and 14.4.
What type of issue is CVE-2024-23269?
CVE-2024-23269 is a downgrade vulnerability that may allow an app to modify protected parts of the file system.
Is CVE-2024-23269 a remote exploitation vulnerability?
CVE-2024-23269 does not appear to be remotely exploitable as it requires local access to the affected system.

agent/first-publish-date
agent/type
collector/apple-support
source/Apple
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/severity
agent/trending
agent/source
agent/software-canonical-lookup-request
agent/event
agent/references
agent/softwarecombine
agent/description
alias/CVE-2024-23288
alias/CVE-2024-23277
alias/CVE-2024-23247
alias/CVE-2024-23248
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23270
alias/CVE-2024-23257
alias/CVE-2024-23258
alias/CVE-2024-23286
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23235
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23264
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-23283
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2024-23216
alias/CVE-2024-23267
alias/CVE-2024-23268
alias/CVE-2024-23274
alias/CVE-2023-42853
alias/CVE-2024-23275
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23273
alias/CVE-2024-23238
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23230
alias/CVE-2024-23245
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23272
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-54658
alias/CVE-2024-23226
alias/CVE-2024-27859
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23227
alias/CVE-2024-27886
alias/CVE-2024-23233
alias/CVE-2024-23269
alias/CVE-2024-23276
alias/CVE-2024-23218
alias/CVE-2024-23201
alias/CVE-2023-28826
alias/CVE-2024-23204
alias/CVE-2023-40389
alias/CVE-2024-23203
alias/CVE-2024-23217
agent/author
agent/last-modified-date
agent/tags
collector/nvd-api
source/NVD
vendor/apple
canonical/apple macos monterey
canonical/apple macos
canonical/apple ios and macos
version/apple ios and macos/12.0
version/apple ios and macos/13.0
version/apple ios and macos/14.0