CVE-2024-44305

High

Published: 21 March 2025

Published

21 March 2025

Modified

24 March 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0006 19.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Security Summary

CVE-2024-44305 is a privilege escalation vulnerability (CWE-863: Incorrect Authorization) affecting macOS Sonoma versions prior to 14.6, where an app may be able to gain root privileges. The issue stems from vulnerable code that has been addressed by its removal in the patched version. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high-impact local exploitation potential with low complexity and minimal prerequisites.

A local attacker with low-level privileges can exploit this vulnerability without user interaction. Successful exploitation allows the attacker to achieve full root access, potentially compromising confidentiality, integrity, and availability of the system at a high level.

Apple's advisory at https://support.apple.com/en-us/120911 confirms the fix in macOS Sonoma 14.6 through removal of the vulnerable code, recommending immediate updates to mitigate the risk.

Details

CWE(s): CWE-863

Affected Products

apple

macos

≤ 14.6

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local privilege escalation vulnerability (CWE-863) allowing an app to gain root access directly maps to exploitation of software vulnerabilities for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://support.apple.com/en-us/120911
Release Notes, Vendor Advisory · product-security@apple.com