Privacy Bypass Vulnerability Affects macOS Sequoia MDM Managed Devices

Summary

The CVE-2024-44133 vulnerability affects macOS Sequoia MDM managed devices, allowing apps to bypass certain Privacy preferences. This issue has been exploited by the Adload malware to bypass macOS protections for the Safari browser, giving attackers unauthorized access to sensitive data such as cameras, microphones, and user locations. Apple released a fix for this vulnerability in macOS Sequoia 15, and Microsoft Defender for Endpoint has detected active exploitation of the flaw. Security teams are advised to patch the vulnerability as soon as possible, as it poses a serious risk of unauthorized access to user data. The exploitation of CVE-2024-44133 has been observed in the wild, indicating an active interest from threat actors. This highlights the importance of updating all macOS devices, actively monitoring for suspicious activity, and leveraging behavioral-based detection tools to identify and respond to potential threats.

News Articles

CVE-2024-44133

HM Surf macOS vuln potentially exploited by Adloader malware

In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems. The bug, tracked as CVE-2024-44133 (CVSS 5.5) and patched in...

1 month ago

The Register

CVE-2024-44133

HM Surf macOS vuln potentially exploited by Adloader malware

In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems. The bug, tracked as CVE-2024-44133 (CVSS 5.5) and patched in...

1 month ago

SC Media

CVE-2024-44133

Adload malware exploits flaw to bypass macOS protections for Safari

Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited.

1 month ago

More News...