CVE-2024-44305

High

Published: 21 March 2025

Published

21 March 2025

Modified

24 March 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0006 20.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44305 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and patching of flaws like this privilege escalation vulnerability fixed by code removal in macOS Sonoma 14.6.

AC-6 Least Privilege good match

prevent

Enforces least privilege to restrict low-privilege local attackers and apps from executing with or escalating to unnecessary root access.

AC-3 Access Enforcement good match

prevent

Mandates enforcement of approved authorizations to block incorrect authorization (CWE-863) that allows apps to gain root privileges.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local privilege escalation vulnerability (CWE-863) allowing an app to gain root access directly maps to exploitation of software vulnerabilities for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges.

Deeper analysisAI

CVE-2024-44305 is a privilege escalation vulnerability (CWE-863: Incorrect Authorization) affecting macOS Sonoma versions prior to 14.6, where an app may be able to gain root privileges. The issue stems from vulnerable code that has been addressed by its removal in the patched version. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high-impact local exploitation potential with low complexity and minimal prerequisites.

A local attacker with low-level privileges can exploit this vulnerability without user interaction. Successful exploitation allows the attacker to achieve full root access, potentially compromising confidentiality, integrity, and availability of the system at a high level.

Apple's advisory at https://support.apple.com/en-us/120911 confirms the fix in macOS Sonoma 14.6 through removal of the vulnerable code, recommending immediate updates to mitigate the risk.

Details

CWE(s): CWE-863

Affected Products

apple

macos

≤ 14.6

CVEs Like This One

CVE-2025-24267Same product: Apple Macos

CVE-2026-28817Same product: Apple Macos

CVE-2025-24277Same product: Apple Macos

CVE-2025-24234Same product: Apple Macos

CVE-2025-24255Same product: Apple Macos

CVE-2025-24170Same product: Apple Macos

CVE-2025-24228Same product: Apple Macos

CVE-2026-20658Same product: Apple Macos

CVE-2025-24233Same product: Apple Macos

CVE-2026-28821Same product: Apple Macos

References

https://support.apple.com/en-us/120911
Release Notes, Vendor Advisory · product-security@apple.com