Cyber Resilience

CVE-2024-44305

High

Published: 21 March 2025

Published
21 March 2025
Modified
24 March 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 20.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44305 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-44305 is a privilege escalation vulnerability (CWE-863: Incorrect Authorization) affecting macOS Sonoma versions prior to 14.6, where an app may be able to gain root privileges. The issue stems from vulnerable code that has been addressed by its removal in the patched version. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high-impact local exploitation potential with low complexity and minimal prerequisites.

A local attacker with low-level privileges can exploit this vulnerability without user interaction. Successful exploitation allows the attacker to achieve full root access, potentially compromising confidentiality, integrity, and availability of the system at a high level.

Apple's advisory at https://support.apple.com/en-us/120911 confirms the fix in macOS Sonoma 14.6 through removal of the vulnerable code, recommending immediate updates to mitigate the risk.

EU & UK References

Vulnerability details

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation vulnerability (CWE-863) allowing an app to gain root access directly maps to exploitation of software vulnerabilities for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-54509Same product: Apple Macos
CVE-2025-24176Same product: Apple Macos
CVE-2025-24267Same product: Apple Macos
CVE-2026-20658Same product: Apple Macos
CVE-2025-24170Same product: Apple Macos
CVE-2025-24255Same product: Apple Macos
CVE-2025-30449Same product: Apple Macos
CVE-2026-28923Same product: Apple Macos
CVE-2024-54546Same product: Apple Macos
CVE-2025-43257Same product: Apple Macos

Affected Assets

apple
macos
≤ 14.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and patching of flaws like this privilege escalation vulnerability fixed by code removal in macOS Sonoma 14.6.

prevent

Enforces least privilege to restrict low-privilege local attackers and apps from executing with or escalating to unnecessary root access.

prevent

Mandates enforcement of approved authorizations to block incorrect authorization (CWE-863) that allows apps to gain root privileges.

References