Handling of Symlinks Improved to Address Security Risks

CVE-2024-44258

7.1HIGH

Key Information

Vendor: Apple
Status: Visionos; iOS And iPad OS; TV OS
Vendor: CVE Published:; 28 October 2024

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC

Summary

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Affected Version(s)

visionOS < 2.1

iOS and iPadOS < 17.7

tvOS < 18.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-44258
Created by ifpdz

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability started trending.
Nov 4, 2024
👾
Exploit exists.
Oct 29, 2024
Vulnerability published.
Oct 28, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)