cve-2024-44172
Vulnerability from cvelistv5
Published
2025-01-27 21:46
Modified
2025-02-05 15:22
Severity ?
EPSS score ?
0.02%
(0.04355)
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/121238 | Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122069 | Release Notes | |
| product-security@apple.com | https://support.apple.com/en-us/122070 | Release Notes |
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-44172", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T15:33:44.898319Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-05T15:22:01.807Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "15", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access contacts", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T21:46:28.084Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/122069", }, { url: "https://support.apple.com/en-us/121238", }, { url: "https://support.apple.com/en-us/122070", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-44172", datePublished: "2025-01-27T21:46:28.084Z", dateReserved: "2024-08-20T21:42:05.926Z", dateUpdated: "2025-02-05T15:22:01.807Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-44172\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-01-27T22:15:11.930\",\"lastModified\":\"2025-02-05T16:15:40.623\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.\"},{\"lang\":\"es\",\"value\":\"Se solucionó un problema de privacidad mejorando la redacción de datos privados en las entradas de registro. Este problema se solucionó en macOS Ventura 13.7.3, macOS Sonoma 14.7.3 y macOS Sequoia 15. Es posible que una aplicación pueda acceder a los contactos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.7.3\",\"matchCriteriaId\":\"A12642CB-69CC-4C6E-A2C2-CA8AE736EE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.7.3\",\"matchCriteriaId\":\"9C523C7E-B1CF-454B-8AFD-B462C5120D9E\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/121238\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/122069\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/122070\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]}]}}", vulnrichment: { containers: "{\"cna\": {\"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An app may be able to access contacts\"}]}], \"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"version\": \"unspecified\", \"status\": \"affected\", \"lessThan\": \"14.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"version\": \"unspecified\", \"status\": \"affected\", \"lessThan\": \"15\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"version\": \"unspecified\", \"status\": \"affected\", \"lessThan\": \"13.7\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.\"}], \"references\": [{\"url\": \"https://support.apple.com/en-us/122069\"}, {\"url\": \"https://support.apple.com/en-us/121238\"}, {\"url\": \"https://support.apple.com/en-us/122070\"}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2025-01-27T21:46:28.084Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-44172\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T15:33:44.898319Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T15:33:22.214Z\"}}]}", cveMetadata: "{\"cveId\": \"CVE-2024-44172\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"apple\", \"dateReserved\": \"2024-08-20T21:42:05.926Z\", \"datePublished\": \"2025-01-27T21:46:28.084Z\", \"dateUpdated\": \"2025-02-05T15:22:01.807Z\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.