Permissions Inheritance Vulnerability in Xcode by Apple
CVE-2024-44228

7.5HIGH

Key Information:

Vendor: Apple
Status: Xcode
Vendor: CVE Published:; 28 October 2024

What is CVE-2024-44228?

The vulnerability involves inadequate permission checks within Xcode that may allow a malicious app to inherit the permissions of Xcode itself. This could potentially grant unauthorized access to sensitive user data. The issue has been addressed in Xcode 16 with improved permissions verification mechanisms to ensure user data remains protected. Users are advised to update to the latest version to safeguard against this vulnerability.

Affected Version(s)

Xcode < 16

References

https://support.apple.com/en-us/121239

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024