CVE-2024-44199

High

Published: 21 March 2025

Published

21 March 2025

Modified

24 March 2025

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Score 0.0011 28.6th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44199 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Apple Macos. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the CVE's root cause of out-of-bounds read through improved input validation to prevent kernel memory disclosure and system crashes.

SI-16 Memory Protection good match

prevent

Implements memory safeguards such as bounds checking and isolation to block unauthorized kernel memory access by malicious apps.

SI-2 Flaw Remediation good match

prevent

Ensures timely remediation and patching of the specific flaw in macOS Sonoma prior to 14.6 to eliminate exploitability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Out-of-bounds read in kernel allows local low-priv app to disclose kernel memory (facilitating privilege escalation via T1068) or trigger system crashes (enabling DoS via application/system exploitation in T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause unexpected system termination or read kernel memory.

Deeper analysisAI

CVE-2024-44199 is an out-of-bounds read vulnerability, classified under CWE-125, affecting macOS Sonoma versions prior to 14.6. Apple addressed the issue through improved input validation. The flaw enables an app to potentially cause unexpected system termination or read kernel memory.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Per the CVSS v3.1 score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), successful exploitation yields high confidentiality impact via kernel memory disclosure and high availability impact through system crashes, with no integrity impact.

Apple's security advisory confirms the issue is fixed in macOS Sonoma 14.6. Practitioners should apply this update promptly, as detailed at https://support.apple.com/en-us/120911.

Details

CWE(s): CWE-125

Affected Products

apple

macos

≤ 14.6

CVEs Like This One

CVE-2025-24228Same product: Apple Macos

CVE-2025-24265Same product: Apple Macos

CVE-2026-28832Same product: Apple Macos

CVE-2025-24196Same product: Apple Macos

CVE-2025-30458Same product: Apple Macos

CVE-2025-24256Same product: Apple Macos

CVE-2026-20620Same product: Apple Macos

CVE-2025-24273Same product: Apple Macos

CVE-2026-28825Same product: Apple Macos

CVE-2025-24267Same product: Apple Macos

References

https://support.apple.com/en-us/120911
Release Notes, Vendor Advisory · product-security@apple.com