Cyber Resilience

CVE-2024-44250

High · LPE

Published: 02 April 2026

Modified: 03 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0015 (5.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2024-44250 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Apple macOS. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 5.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-44250 is a permissions issue, classified under CWE-269 (Improper Privilege Management), affecting macOS versions prior to Sequoia 15.1. The vulnerability stems from insufficient restrictions that allow an app to bypass its intended sandbox boundaries or gain elevated privileges, potentially leading to arbitrary code execution. Apple assigned it a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its local attack vector, low complexity, and significant impact across confidentiality, integrity, and availability with a scope change.

Exploitation requires a local attacker with high privileges (PR:H), such as an administrative user or a compromised process running with elevated rights. Successful exploitation enables the app to execute arbitrary code outside its sandbox or with heightened privileges, potentially compromising the system by accessing restricted resources, modifying critical data, or disrupting services.

Apple's advisory at https://support.apple.com/en-us/121564 confirms the issue was addressed in macOS Sequoia 15.1 through additional permissions restrictions, recommending users update to this version for mitigation. No workarounds are specified beyond applying the patch.

Vulnerability details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is a local improper privilege management flaw (sandbox bypass) that directly enables exploitation for privilege escalation to achieve arbitrary code execution with elevated rights.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28919 (same product: Apple macOS)
CVE-2026-28840 (same product: Apple macOS)
CVE-2025-43199 (same product: Apple macOS)
CVE-2025-24254 (same product: Apple macOS)
CVE-2026-28976 (same product: Apple macOS)
CVE-2025-24195 (same product: Apple macOS)
CVE-2026-28925 (same product: Apple macOS)
CVE-2025-43257 (same product: Apple macOS)
CVE-2025-24228 (same product: Apple macOS)
CVE-2025-30464 (same product: Apple macOS)

Affected Assets

Vendor: apple
Product: macos
Affected versions: ≤ 15.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CWE-269 improper privilege management by ensuring apps execute with least privilege, preventing elevation and arbitrary code execution outside sandbox.

prevent

Enforces access control policies and permissions restrictions to block apps from bypassing sandbox boundaries or accessing restricted resources.

prevent

Implements process isolation through sandboxing to confine app execution domains, preventing out-of-sandbox arbitrary code execution.
