What is the severity of CVE-2024-44168?

CVE-2024-44168 is classified as a high severity vulnerability due to the potential for unauthorized modification of protected file system parts.

How do I fix CVE-2024-44168?

To fix CVE-2024-44168, update your macOS to Ventura 13.7, Sonoma 14.7, or Sequoia 15.

What platforms are affected by CVE-2024-44168?

CVE-2024-44168 affects macOS versions prior to 13.7 and between 14.0 and 14.7.

What type of vulnerability is CVE-2024-44168?

CVE-2024-44168 is a library injection issue that involves permissions and file system access.

Can CVE-2024-44168 affect my user accounts?

Yes, CVE-2024-44168 involves a permissions issue that could potentially impact user accounts on the affected macOS versions.

Vulnerability/
CVE-2024-44168

medium

5.5

CWE

427

16/9/2024

27/1/2025

CVE-2024-44168

First published: Mon Sep 16 2024(Updated: )

A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

Credit: product-security@apple.com Michael DePlante @izobashi Trend Micro Zero Day InitiativePwn2car Trend Micro Zero Day InitiativeMickey Jin @patch1t Kirin @Pwnrin Claudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosHalle Winkler Politepix @hallewinkler Holger Fuhrmannek Anton Boegler Snoolie Keffaber @0xilis an anonymous researcher Yiğit Can YILMAZ @yilmazcanyigit Rodolphe Brunetti @eisw0lf CVE-2023-4504 Csaba Fitzl @theevilbit Kandji @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day InitiativeAntonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Kirin @Pwnrin Fudan UniversityLFY @secsys Fudan UniversityOlivier Levon CVE-2023-5841 Meng Zhang (鲸落) NorthSeaajajfxhj Brian McNulty Computer ScienceCristian Dinca Computer ScienceRomania Vaibhav Prajapati CVE-2024-39894 Wojciech Regula SecuRingRifa'i Rejal Maynando Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Zhongquan Li @Guluisacat Yiğit Can YILMAZ @yilmazcanyigit SecuRingKirin @Pwnrin NorthSea냥냥 Vivek Dhar Pedro José Pereira Vieito @pvieito luckyu @uuulucky NorthSeaOm Kothawade the UNTHSC College of PharmacyOmar A. Alanis the UNTHSC College of PharmacyK宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Arsenii Kostromin (0x3c3e) Jonathan Bar Or @yo_yo_yo_jbo MicrosoftBohdan Stasiuk @Bohdan_Stasiuk CVE-2024-41957 Ron Masas Hafiizh HakTrakYoKo Kho @yokoacc HakTrakCharly Suchanek CVE-2024-44134 Domien Schepers Tim Clem Gergely Kalman @gergely_kalman Koh M. Nakagawa @tsunek0h CVE-2024-44129 Pedro Tôrres @t0rr3sp3dr0 CVE-2024-44130 Stephan Casas

Affected Software	Affected Version	How to fix
Apple macOS	<13.7
Apple macOS	>=14.0<14.7
Apple macOS	<13.7	13.7
Apple macOS	<14.7	14.7
Apple macOS Sequoia	<15	15

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/121234 (Advisory)
https://support.apple.com/en-us/121238 (Advisory)
https://support.apple.com/en-us/121247 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-44129
CVE-2024-44182
CVE-2024-27886
CVE-2024-40847
CVE-2024-40814
CVE-2024-44164
CVE-2024-44168
CVE-2024-40848
CVE-2024-44128
CVE-2024-44151
CVE-2024-27876
CVE-2024-44177
CVE-2024-40850
CVE-2024-44176
CVE-2024-44160
CVE-2024-44161
CVE-2024-44169
CVE-2024-44165
CVE-2024-40791
CVE-2024-44181
CVE-2024-44183
CVE-2024-44167
CVE-2024-44178
CVE-2024-40797
CVE-2024-44163
CVE-2024-44158
CVE-2024-40844
CVE-2024-44166
CVE-2024-44190
CVE-2024-44184
CVE-2024-44153
CVE-2024-40846
CVE-2024-40845
CVE-2024-44154
CVE-2024-40841
CVE-2024-44135
CVE-2024-44126
CVE-2024-27880
CVE-2024-44125
CVE-2024-40801
CVE-2024-40860
CVE-2024-44188
CVE-2024-40792
CVE-2024-40825
CVE-2024-44130
CVE-2024-40837
CVE-2024-27860
CVE-2024-27861
CVE-2024-27795
CVE-2024-44132
CVE-2024-44172
CVE-2024-27869
CVE-2024-27875
CVE-2024-44146
CVE-2024-27849
CVE-2023-4504
CVE-2024-40855
CVE-2024-44148
CVE-2024-44131
CVE-2024-40831
CVE-2024-40861
CVE-2024-44175
CVE-2024-44191
CVE-2024-44122
CVE-2024-44198
CVE-2023-5841
CVE-2024-27858
CVE-2024-40838
CVE-2024-44186
CVE-2024-39894
CVE-2024-40826
CVE-2024-44149
CVE-2024-44155
CVE-2024-44203
CVE-2024-44144
CVE-2024-44137
CVE-2024-44174
CVE-2024-44123
CVE-2024-44145
CVE-2024-44170
CVE-2024-44152
CVE-2024-44133
CVE-2024-40859
CVE-2024-41957
CVE-2024-40857
CVE-2024-40866
CVE-2024-44187
CVE-2024-40770
CVE-2024-23237
CVE-2024-44134
CVE-2024-40856
CVE-2024-44189
CVE-2024-44208
CVE-2024-40842
CVE-2024-40843

Frequently Asked Questions

What is the severity of CVE-2024-44168?
CVE-2024-44168 is classified as a high severity vulnerability due to the potential for unauthorized modification of protected file system parts.
How do I fix CVE-2024-44168?
To fix CVE-2024-44168, update your macOS to Ventura 13.7, Sonoma 14.7, or Sequoia 15.
What platforms are affected by CVE-2024-44168?
CVE-2024-44168 affects macOS versions prior to 13.7 and between 14.0 and 14.7.
What type of vulnerability is CVE-2024-44168?
CVE-2024-44168 is a library injection issue that involves permissions and file system access.
Can CVE-2024-44168 affect my user accounts?
Yes, CVE-2024-44168 involves a permissions issue that could potentially impact user accounts on the affected macOS versions.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/apple-support
source/Apple
alias/CVE-2024-40848
alias/CVE-2024-44128
alias/CVE-2024-44151
alias/CVE-2024-27876
alias/CVE-2024-44177
alias/CVE-2024-40850
alias/CVE-2024-44176
alias/CVE-2024-44160
alias/CVE-2024-44161
alias/CVE-2024-44169
alias/CVE-2024-44165
alias/CVE-2024-40791
alias/CVE-2024-44181
alias/CVE-2024-44183
alias/CVE-2024-44167
alias/CVE-2024-44178
alias/CVE-2024-40797
alias/CVE-2024-44163
alias/CVE-2024-44158
alias/CVE-2024-40844
alias/CVE-2024-44166
alias/CVE-2024-44190
alias/CVE-2024-44184
alias/CVE-2024-44168
alias/CVE-2024-40847
alias/CVE-2024-44164
alias/CVE-2024-40841
alias/CVE-2024-44135
alias/CVE-2024-44126
alias/CVE-2024-27880
alias/CVE-2024-44125
alias/CVE-2024-40801
alias/CVE-2024-40860
alias/CVE-2024-44182
alias/CVE-2024-27886
alias/CVE-2024-40814
alias/CVE-2024-40845
alias/CVE-2024-44154
alias/CVE-2024-40846
alias/CVE-2024-40792
alias/CVE-2024-40825
alias/CVE-2024-44130
alias/CVE-2024-40837
alias/CVE-2024-27860
alias/CVE-2024-27861
alias/CVE-2024-27795
alias/CVE-2024-44132
alias/CVE-2024-44172
alias/CVE-2024-27869
alias/CVE-2024-27875
alias/CVE-2024-44146
alias/CVE-2024-27849
alias/CVE-2023-4504
alias/CVE-2024-40855
alias/CVE-2024-44148
alias/CVE-2024-44131
alias/CVE-2024-40831
alias/CVE-2024-40861
alias/CVE-2024-44175
alias/CVE-2024-44191
alias/CVE-2024-44122
alias/CVE-2024-44198
alias/CVE-2023-5841
alias/CVE-2024-27858
alias/CVE-2024-40838
alias/CVE-2024-44186
alias/CVE-2024-39894
alias/CVE-2024-40826
alias/CVE-2024-44149
alias/CVE-2024-44155
alias/CVE-2024-44203
alias/CVE-2024-44144
alias/CVE-2024-44137
alias/CVE-2024-44174
alias/CVE-2024-44123
alias/CVE-2024-44145
alias/CVE-2024-44170
alias/CVE-2024-44152
alias/CVE-2024-44133
alias/CVE-2024-40859
alias/CVE-2024-41957
alias/CVE-2024-40857
alias/CVE-2024-40866
alias/CVE-2024-44187
alias/CVE-2024-40770
alias/CVE-2024-23237
alias/CVE-2024-44134
alias/CVE-2024-40856
alias/CVE-2024-44189
alias/CVE-2024-44208
alias/CVE-2024-40842
alias/CVE-2024-40843
alias/CVE-2024-44188
alias/CVE-2024-44153
agent/last-modified-date
agent/source
agent/tags
agent/author
agent/softwarecombine
agent/description
agent/first-publish-date
vendor/apple
canonical/apple macos
version/apple macos/14.0
canonical/apple macos sequoia