Cyber Resilience

CVE-2024-44303

High

Published: 02 April 2026

Published
02 April 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0009 26.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44303 is a high-severity Improper Access Control (CWE-284) vulnerability in Apple Macos. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 26.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-2 (Separation of System and User Functionality).

Deeper analysis

CVE-2024-44303 is a vulnerability in macOS that allows a malicious application to modify protected parts of the file system. The issue stems from insufficient checks, as indicated by its association with CWE-284 (Improper Access Control). It affects macOS versions prior to Sequoia 15.1 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), rated as High severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high confidentiality impact.

An unauthenticated attacker can exploit this vulnerability remotely over the network with no privileges or user interaction required. By leveraging the flaw, the attacker can execute a malicious application that modifies protected file system areas, potentially leading to unauthorized data access or manipulation consistent with the high confidentiality impact in the CVSS score.

Apple's advisory at https://support.apple.com/en-us/121564 states that the issue was addressed with improved checks and is fixed in macOS Sequoia 15.1. Security practitioners should ensure systems are updated to this version or later to mitigate the vulnerability.

EU & UK References

Vulnerability details

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Vulnerability enables unauthorized modification of protected macOS file system areas via improper access control, directly facilitating stored data manipulation and exploitation for privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-43198Same product: Apple Macos
CVE-2025-30462Same product: Apple Macos
CVE-2024-40858Same product: Apple Macos
CVE-2025-24241Same product: Apple Macos
CVE-2026-28837Same product: Apple Macos
CVE-2025-43233Same product: Apple Macos
CVE-2026-20622Same product: Apple Macos
CVE-2025-43184Same product: Apple Macos
CVE-2025-30460Same product: Apple Macos
CVE-2025-24130Same product: Apple Macos

Affected Assets

apple
macos
≤ 15.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-3 enforces approved authorizations for access to system resources, directly addressing the improper access control that allowed malicious applications to modify protected file system areas.

prevent

SI-2 requires timely flaw remediation through patching to macOS Sequoia 15.1 or later, implementing the improved checks that fix CVE-2024-44303.

prevent

SC-2 separates system and user functionality into distinct domains, preventing malicious applications from accessing or modifying protected file system parts.

References