Cyber Posture

CVE-2024-44199

High

Published: 21 March 2025

Published
21 March 2025
Modified
24 March 2025
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0011 28.7th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Security Summary

CVE-2024-44199 is an out-of-bounds read vulnerability, classified under CWE-125, affecting macOS Sonoma versions prior to 14.6. Apple addressed the issue through improved input validation. The flaw enables an app to potentially cause unexpected system termination or read kernel memory.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Per the CVSS v3.1 score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), successful exploitation yields high confidentiality impact via kernel memory disclosure and high availability impact through system crashes, with no integrity impact.

Apple's security advisory confirms the issue is fixed in macOS Sonoma 14.6. Practitioners should apply this update promptly, as detailed at https://support.apple.com/en-us/120911.

Details

CWE(s)
CWE-125

Affected Products

apple
macos
≤ 14.6

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Out-of-bounds read in kernel allows local low-priv app to disclose kernel memory (facilitating privilege escalation via T1068) or trigger system crashes (enabling DoS via application/system exploitation in T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

References