CVE-2024-44250

HighLPE

Published: 02 April 2026

Published

02 April 2026

Modified

03 April 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0006 18.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44250 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Apple Macos. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 18.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

Directly mitigates CWE-269 improper privilege management by ensuring apps execute with least privilege, preventing elevation and arbitrary code execution outside sandbox.

AC-3 Access Enforcement good match

prevent

Enforces access control policies and permissions restrictions to block apps from bypassing sandbox boundaries or accessing restricted resources.

SC-39 Process Isolation good match

prevent

Implements process isolation through sandboxing to confine app execution domains, preventing out-of-sandbox arbitrary code execution.

NVD Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Deeper analysisAI

CVE-2024-44250 is a permissions issue, classified under CWE-269 (Improper Privilege Management), affecting macOS versions prior to Sequoia 15.1. The vulnerability stems from insufficient restrictions that allow an app to bypass its intended sandbox boundaries or gain elevated privileges, potentially leading to arbitrary code execution. Apple assigned it a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its local attack vector, low complexity, and significant impact across confidentiality, integrity, and availability with a scope change.

Exploitation requires a local attacker with high privileges (PR:H), such as an administrative user or a compromised process running with elevated rights. Successful exploitation enables the app to execute arbitrary code outside its sandbox or with heightened privileges, potentially compromising the system by accessing restricted resources, modifying critical data, or disrupting services.

Apple's advisory at https://support.apple.com/en-us/121564 confirms the issue was addressed in macOS Sequoia 15.1 through additional permissions restrictions, recommending users update to this version for mitigation. No workarounds are specified beyond applying the patch.

Details

CWE(s): CWE-269

Affected Products

apple

macos

≤ 15.1

CVEs Like This One

CVE-2025-24254Same product: Apple Macos

CVE-2025-43199Same product: Apple Macos

CVE-2025-30452Same product: Apple Macos

CVE-2025-43219Same product: Apple Macos

CVE-2025-43189Same product: Apple Macos

CVE-2025-24267Same product: Apple Macos

CVE-2025-24245Same product: Apple Macos

CVE-2026-28817Same product: Apple Macos

CVE-2025-24109Same product: Apple Macos

CVE-2025-24277Same product: Apple Macos

References

https://support.apple.com/en-us/121564
Release Notes, Vendor Advisory · product-security@apple.com