What is the severity of CVE-2024-44247?

CVE-2024-44247 has been classified as a high severity vulnerability due to its potential to allow a malicious application to modify protected files.

How do I fix CVE-2024-44247?

To fix CVE-2024-44247, update to macOS Ventura 13.7.1 or macOS Sonoma 14.7.1, where the issue has been addressed.

What systems are affected by CVE-2024-44247?

CVE-2024-44247 affects versions of macOS from versions before 13.7.1 and between 14.0 and 14.7.1.

What type of vulnerability is CVE-2024-44247?

CVE-2024-44247 is a local privilege escalation vulnerability that allows unauthorized modification of system files.

Can CVE-2024-44247 be exploited remotely?

CVE-2024-44247 requires local access, meaning it cannot be exploited remotely without physical access to the machine.

Vulnerability/
CVE-2024-44247

medium

5.5

CWE

863 20 416 362

28/10/2024

15/1/2025

CVE-2024-44247: Input Validation

First published: Mon Oct 28 2024(Updated: )

Apache. This is a vulnerability in open source code and Apple Software among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

Credit: product-security@apple.com CVE-2024-39573 CVE-2024-38477 CVE-2024-38476 an anonymous researcher Ivan Fratric Google Project ZeroMickey Jin @patch1t K宝 @Pwnrin Kirin @Pwnrin 7feilee pattern-f @pattern_F_ Loadshine LabHikerell Loadshine LabHossein Lotfi @hosselot Trend Micro Zero Day InitiativeAlexandre Bedard Ronny Stiftel Wang Yu CyberservalJunsung Lee Trend Micro Zero Day InitiativeJex Amro Zhongquan Li @Guluisacat Ye Zhang @VAR10CK Baidu SecurityMateusz Krzywicki @krzywix Garrett Moon Excited Pixel LLCArsenii Kostromin (0x3c3e) Ben Roeder Toomas Römer Jaime Bertran Noah Gregory (wts.dev) Un3xploitable CW Research IncBohdan Stasiuk @Bohdan_Stasiuk CW Research IncPedro Tôrres @t0rr3sp3dr0 Mickey Jin @patch1t KandjiCsaba Fitzl @theevilbit Kandjian anonymous researcher Dawn Security Lab of JDYinyi Wu @_3ndy1 Dawn Security Lab of JDNarendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Lucas Di Tomase Ryan Dowd @_rdowd Gergely Kalman @gergely_kalman Csaba Fitzl @theevilbit Michael DePlante @izobashi Trend Micro Zero Day InitiativeHalle Winkler Politepix (theoffcuts.org) Bing Shi Alibaba GroupWenchao Li Alibaba GroupXiaolong Bai Alibaba Group Indiana University BloomingtonLuyi Xing Indiana University Bloomingtondw0r! Trend Micro Zero Day InitiativeRodolphe Brunetti @eisw0lf Cristian Dinca (icmd.tech) Wojciech Regula SecuRingQ1IQ @q1iqF P1umer @p1umer Bohdan Stasiuk @Bohdan_Stasiuk Politepix @hallewinkler Holger Fuhrmannek 냥냥

Affected Software	Affected Version	How to fix
Apple macOS	<14.7.1	14.7.1
Apple iOS and macOS	<13.7.1
Apple iOS and macOS	>=14.0<14.7.1
macOS	<15.1	15.1
macOS Ventura	<13.7.1	13.7.1

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/121570 (Advisory)
https://support.apple.com/en-us/121568 (Advisory)
https://support.apple.com/en-us/121564 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-44255
CVE-2024-44232
CVE-2024-44233
CVE-2024-44234
CVE-2024-44270
CVE-2024-44280
CVE-2024-44260
CVE-2024-44273
CVE-2024-44295
CVE-2024-44240
CVE-2024-44302
CVE-2024-44213
CVE-2024-40855
CVE-2024-44289
CVE-2024-44282
CVE-2024-44265
CVE-2024-40854
CVE-2024-44215
CVE-2024-44297
CVE-2024-44216
CVE-2024-44287
CVE-2024-44197
CVE-2024-44239
CVE-2024-44175
CVE-2024-44122
CVE-2024-44222
CVE-2024-44256
CVE-2024-54471
CVE-2024-44159
CVE-2024-44156
CVE-2024-44196
CVE-2024-44253
CVE-2024-44247
CVE-2024-44267
CVE-2024-44301
CVE-2024-44275
CVE-2024-44294
CVE-2024-44144
CVE-2024-44218
CVE-2024-44137
CVE-2024-54538
CVE-2024-44254
CVE-2024-44269
CVE-2024-44236
CVE-2024-44237
CVE-2024-44284
CVE-2024-44279
CVE-2024-44281
CVE-2024-44283
CVE-2024-44278
CVE-2024-44264
CVE-2024-44257
CVE-2024-39573
CVE-2024-38477
CVE-2024-38476
CVE-2024-54535
CVE-2024-44298
CVE-2024-44299
CVE-2024-44241
CVE-2024-44242
CVE-2024-44285
CVE-2024-44286
CVE-2024-40849
CVE-2024-44201
CVE-2024-44231
CVE-2024-44223
CVE-2024-44292
CVE-2024-44293
CVE-2024-44303
CVE-2024-40858
CVE-2024-44277
CVE-2024-44195
CVE-2024-44259
CVE-2024-44229
CVE-2024-44219
CVE-2024-44211
CVE-2024-44248
CVE-2024-44194
CVE-2024-44200
CVE-2024-44290
CVE-2024-44296
CVE-2024-44212
CVE-2024-44244
CVE-2024-44250
CVE-2024-44126

Frequently Asked Questions

What is the severity of CVE-2024-44247?
CVE-2024-44247 has been classified as a high severity vulnerability due to its potential to allow a malicious application to modify protected files.
How do I fix CVE-2024-44247?
To fix CVE-2024-44247, update to macOS Ventura 13.7.1 or macOS Sonoma 14.7.1, where the issue has been addressed.
What systems are affected by CVE-2024-44247?
CVE-2024-44247 affects versions of macOS from versions before 13.7.1 and between 14.0 and 14.7.1.
What type of vulnerability is CVE-2024-44247?
CVE-2024-44247 is a local privilege escalation vulnerability that allows unauthorized modification of system files.
Can CVE-2024-44247 be exploited remotely?
CVE-2024-44247 requires local access, meaning it cannot be exploited remotely without physical access to the machine.

agent/type
agent/severity
collector/mitre-cve
source/MITRE
collector/apple-support
source/Apple
alias/CVE-2024-44256
alias/CVE-2024-54471
alias/CVE-2024-44159
alias/CVE-2024-44156
alias/CVE-2024-44196
alias/CVE-2024-44253
alias/CVE-2024-44247
alias/CVE-2024-44267
alias/CVE-2024-44301
alias/CVE-2024-44275
alias/CVE-2024-44294
alias/CVE-2024-44144
alias/CVE-2024-44218
alias/CVE-2024-44137
alias/CVE-2024-54538
alias/CVE-2024-44254
alias/CVE-2024-44269
alias/CVE-2024-44236
alias/CVE-2024-44237
alias/CVE-2024-44284
alias/CVE-2024-44279
alias/CVE-2024-44281
alias/CVE-2024-44283
alias/CVE-2024-44278
alias/CVE-2024-44264
alias/CVE-2024-44257
agent/software-canonical-lookup
alias/CVE-2024-44122
alias/CVE-2024-44222
alias/CVE-2024-44240
alias/CVE-2024-44302
alias/CVE-2024-44213
alias/CVE-2024-40855
alias/CVE-2024-44289
alias/CVE-2024-44282
alias/CVE-2024-44265
alias/CVE-2024-40854
alias/CVE-2024-44215
alias/CVE-2024-44297
alias/CVE-2024-44216
alias/CVE-2024-44287
alias/CVE-2024-44197
alias/CVE-2024-44239
alias/CVE-2024-44175
alias/CVE-2024-44273
alias/CVE-2024-44295
alias/CVE-2024-44233
alias/CVE-2024-44234
alias/CVE-2024-44270
alias/CVE-2024-44280
alias/CVE-2024-44260
alias/CVE-2024-44232
agent/event
agent/weakness
agent/references
agent/author
agent/source
agent/description
agent/first-publish-date
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
alias/CVE-2024-40849
alias/CVE-2024-44201
alias/CVE-2024-44231
alias/CVE-2024-44223
alias/CVE-2024-44292
alias/CVE-2024-44293
alias/CVE-2024-44303
alias/CVE-2024-40858
alias/CVE-2024-44277
alias/CVE-2024-44195
alias/CVE-2024-44259
alias/CVE-2024-44229
alias/CVE-2024-44219
alias/CVE-2024-44211
alias/CVE-2024-44248
alias/CVE-2024-44194
alias/CVE-2024-44200
alias/CVE-2024-44290
alias/CVE-2024-44296
alias/CVE-2024-44212
alias/CVE-2024-44244
alias/CVE-2024-44250
alias/CVE-2024-44299
alias/CVE-2024-44241
alias/CVE-2024-44242
alias/CVE-2024-44285
alias/CVE-2024-44286
alias/CVE-2024-54535
alias/CVE-2024-44298
alias/CVE-2024-38477
alias/CVE-2024-38476
alias/CVE-2024-44255
agent/tags
alias/CVE-2024-44126
agent/softwarecombine
vendor/apple
canonical/apple macos
canonical/apple ios and macos
version/apple ios and macos/14.0
canonical/macos
canonical/macos ventura