CVE-2024-44166: Input Validation
First published: Mon Sep 16 2024(Updated: )
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.
Credit: product-security@apple.com Denis Tokarev @illusionofcha0s dw0r ZeroPointer Lab working with Trend Micro Zero Day Initiativean anonymous researcher Michael DePlante @izobashi Trend Micro Zero Day InitiativeAntonio Zekić Andrew Lytvynov Rodolphe BRUNETTI @eisw0lf Kirin @Pwnrin Fudan UniversityLFY @secsys Fudan UniversityOlivier Levon ajajfxhj Mickey Jin @patch1t Rifa'i Rejal Maynando Zhongquan Li @Guluisacat Kirin @Pwnrin Kirin @Pwnrin NorthSealuckyu @uuulucky NorthSeaBohdan Stasiuk @Bohdan_Stasiuk Pwn2car Trend Micro Zero Day InitiativeClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosHalle Winkler Politepix @hallewinkler Holger Fuhrmannek Anton Boegler Snoolie Keffaber @0xilis Yiğit Can YILMAZ @yilmazcanyigit Rodolphe Brunetti @eisw0lf CVE-2023-4504 Csaba Fitzl @theevilbit Kandji @08Tc3wBB JamfJunsung Lee Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroCVE-2023-5841 Meng Zhang (鲸落) NorthSeaBrian McNulty Computer ScienceCristian Dinca Computer ScienceRomania Vaibhav Prajapati CVE-2024-39894 Wojciech Regula SecuRingNarendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Yiğit Can YILMAZ @yilmazcanyigit SecuRing냥냥 Vivek Dhar Pedro José Pereira Vieito @pvieito Om Kothawade the UNTHSC College of PharmacyOmar A. Alanis the UNTHSC College of PharmacyK宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Arsenii Kostromin (0x3c3e) Jonathan Bar Or @yo_yo_yo_jbo MicrosoftCVE-2024-41957 Ron Masas Hafiizh HakTrakYoKo Kho @yokoacc HakTrakCharly Suchanek CVE-2024-44134 Domien Schepers Tim Clem Gergely Kalman @gergely_kalman Koh M. Nakagawa @tsunek0h CVE-2024-44129 Pedro Tôrres @t0rr3sp3dr0 CVE-2024-44130 Stephan Casas
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <14.7 | 14.7 |
| Apple iOS and macOS | <13.7 | |
| Apple iOS and macOS | >=14.0<14.7 | |
| macOS | <15 | 15 |
| macOS Ventura | <13.7 | 13.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/121234 (Advisory)
- https://support.apple.com/en-us/121238 (Advisory)
- https://support.apple.com/en-us/121247 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-44153
- CVE-2024-44182
- CVE-2024-40846
- CVE-2024-40845
- CVE-2024-44154
- CVE-2024-40847
- CVE-2024-44164
- CVE-2024-44168
- CVE-2024-40848
- CVE-2024-40841
- CVE-2024-44135
- CVE-2024-44126
- CVE-2024-44128
- CVE-2024-44151
- CVE-2024-27876
- CVE-2024-44177
- CVE-2024-40850
- CVE-2024-27880
- CVE-2024-44176
- CVE-2024-44160
- CVE-2024-44161
- CVE-2024-44169
- CVE-2024-44165
- CVE-2024-40791
- CVE-2024-44181
- CVE-2024-44183
- CVE-2024-44167
- CVE-2024-44178
- CVE-2024-40797
- CVE-2024-44163
- CVE-2024-44125
- CVE-2024-40801
- CVE-2024-44158
- CVE-2024-40844
- CVE-2024-40860
- CVE-2024-44166
- CVE-2024-44190
- CVE-2024-44184
- CVE-2024-44129
- CVE-2024-44188
- CVE-2024-40792
- CVE-2024-40825
- CVE-2024-44130
- CVE-2024-40837
- CVE-2024-27860
- CVE-2024-27861
- CVE-2024-27795
- CVE-2024-44132
- CVE-2024-44172
- CVE-2024-27869
- CVE-2024-27875
- CVE-2024-44146
- CVE-2024-27849
- CVE-2023-4504
- CVE-2024-40855
- CVE-2024-44148
- CVE-2024-44131
- CVE-2024-40831
- CVE-2024-40861
- CVE-2024-44175
- CVE-2024-44191
- CVE-2024-44122
- CVE-2024-44198
- CVE-2023-5841
- CVE-2024-27858
- CVE-2024-40838
- CVE-2024-44186
- CVE-2024-39894
- CVE-2024-40826
- CVE-2024-44149
- CVE-2024-44155
- CVE-2024-44203
- CVE-2024-44144
- CVE-2024-44137
- CVE-2024-44174
- CVE-2024-44123
- CVE-2024-44145
- CVE-2024-44170
- CVE-2024-44152
- CVE-2024-44133
- CVE-2024-40859
- CVE-2024-41957
- CVE-2024-40857
- CVE-2024-40866
- CVE-2024-44187
- CVE-2024-40770
- CVE-2024-23237
- CVE-2024-44134
- CVE-2024-40856
- CVE-2024-44189
- CVE-2024-44208
- CVE-2024-40842
- CVE-2024-40843
- CVE-2024-27886
- CVE-2024-40814
- CVE-2024-54469
Frequently Asked Questions
What is the severity of CVE-2024-44166?
CVE-2024-44166 has been rated as a moderate severity vulnerability due to the potential for unauthorized access to user-sensitive data.
How do I fix CVE-2024-44166?
To mitigate CVE-2024-44166, users should update their macOS to version 13.7, 14.7, or 15, depending on the current version.
What types of systems are affected by CVE-2024-44166?
CVE-2024-44166 affects various versions of macOS including Ventura, Sonoma, and Sequoia.
What user data is at risk with CVE-2024-44166?
CVE-2024-44166 risks exposing user-sensitive data through unredacted log entries.
Was CVE-2024-44166 addressed in previous macOS versions?
No, CVE-2024-44166 was specifically fixed in macOS Ventura 13.7, macOS Sonoma 14.7, and macOS Sequoia 15.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/event
- collector/apple-support
- source/Apple
- alias/CVE-2024-44167
- alias/CVE-2024-44178
- alias/CVE-2024-40797
- alias/CVE-2024-44163
- alias/CVE-2024-44125
- alias/CVE-2024-40801
- alias/CVE-2024-44158
- alias/CVE-2024-40844
- alias/CVE-2024-40860
- alias/CVE-2024-44166
- alias/CVE-2024-44190
- alias/CVE-2024-44184
- agent/software-canonical-lookup
- alias/CVE-2024-40847
- alias/CVE-2024-44164
- alias/CVE-2024-44168
- alias/CVE-2024-40848
- alias/CVE-2024-40841
- alias/CVE-2024-44135
- alias/CVE-2024-44126
- alias/CVE-2024-44128
- alias/CVE-2024-44151
- alias/CVE-2024-27876
- alias/CVE-2024-44177
- alias/CVE-2024-40850
- alias/CVE-2024-27880
- alias/CVE-2024-44176
- alias/CVE-2024-44160
- alias/CVE-2024-44161
- alias/CVE-2024-44169
- alias/CVE-2024-44165
- alias/CVE-2024-40791
- alias/CVE-2024-44181
- alias/CVE-2024-44183
- alias/CVE-2024-40845
- alias/CVE-2024-44154
- alias/CVE-2024-40846
- alias/CVE-2024-44182
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/source
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- alias/CVE-2024-27861
- alias/CVE-2024-27795
- alias/CVE-2024-44132
- alias/CVE-2024-44172
- alias/CVE-2024-27869
- alias/CVE-2024-27875
- alias/CVE-2024-44146
- alias/CVE-2024-27849
- alias/CVE-2023-4504
- alias/CVE-2024-40855
- alias/CVE-2024-44148
- alias/CVE-2024-44131
- alias/CVE-2024-40831
- alias/CVE-2024-40861
- alias/CVE-2024-44175
- alias/CVE-2024-44191
- alias/CVE-2024-44122
- alias/CVE-2024-44198
- alias/CVE-2023-5841
- alias/CVE-2024-27858
- alias/CVE-2024-40838
- alias/CVE-2024-44186
- alias/CVE-2024-39894
- alias/CVE-2024-40826
- alias/CVE-2024-44149
- alias/CVE-2024-44155
- alias/CVE-2024-44203
- alias/CVE-2024-44144
- alias/CVE-2024-44137
- alias/CVE-2024-44174
- alias/CVE-2024-44123
- alias/CVE-2024-40837
- alias/CVE-2024-44145
- alias/CVE-2024-44170
- alias/CVE-2024-44152
- alias/CVE-2024-44133
- alias/CVE-2024-40859
- alias/CVE-2024-41957
- alias/CVE-2024-40857
- alias/CVE-2024-40866
- alias/CVE-2024-44187
- alias/CVE-2024-40770
- alias/CVE-2024-23237
- alias/CVE-2024-44134
- alias/CVE-2024-40856
- alias/CVE-2024-44189
- alias/CVE-2024-44208
- alias/CVE-2024-40842
- alias/CVE-2024-40843
- alias/CVE-2024-27860
- alias/CVE-2024-44130
- alias/CVE-2024-40825
- alias/CVE-2024-44188
- alias/CVE-2024-40792
- alias/CVE-2024-44153
- agent/tags
- agent/softwarecombine
- alias/CVE-2024-54469
- alias/CVE-2024-40814
- alias/CVE-2024-27886
- vendor/apple
- canonical/apple macos
- canonical/apple ios and macos
- version/apple ios and macos/14.0
- canonical/macos
- canonical/macos ventura