CVE-2024-44305
Published: 21 March 2025
Summary
CVE-2024-44305 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-44305 is a privilege escalation vulnerability (CWE-863: Incorrect Authorization) affecting macOS Sonoma versions prior to 14.6, where an app may be able to gain root privileges. The issue stems from vulnerable code that has been addressed by its removal in the patched version. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high-impact local exploitation potential with low complexity and minimal prerequisites.
A local attacker with low-level privileges can exploit this vulnerability without user interaction. Successful exploitation allows the attacker to achieve full root access, potentially compromising confidentiality, integrity, and availability of the system at a high level.
Apple's advisory at https://support.apple.com/en-us/120911 confirms the fix in macOS Sonoma 14.6 through removal of the vulnerable code, recommending immediate updates to mitigate the risk.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7141
Vulnerability details
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation vulnerability (CWE-863) allowing an app to gain root access directly maps to exploitation of software vulnerabilities for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and patching of flaws like this privilege escalation vulnerability fixed by code removal in macOS Sonoma 14.6.
Enforces least privilege to restrict low-privilege local attackers and apps from executing with or escalating to unnecessary root access.
Mandates enforcement of approved authorizations to block incorrect authorization (CWE-863) that allows apps to gain root privileges.