CVE-2024-44255 - Vulnerability Details

A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apple	Ipados Iphone Os Mac Os Macos Tvos Visionos Watch Os Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121565
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121569
https://support.apple.com/en-us/121570

History

Wed, 30 Oct 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple macos Apple watchos
CPEs		cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple macos Apple watchos

Wed, 30 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple mac Os Apple tvos Apple visionos Apple watch Os
Weaknesses		CWE-22
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:mac_os:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watch_os::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple mac Os Apple tvos Apple visionos Apple watch Os
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 28 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Description		A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent.
References		https://support.apple.com/en-us/121563 https://support.apple.com/en-us/121565 https://support.apple.com/en-us/121566 https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121569 https://support.apple.com/en-us/121570

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-10-28T21:07:44.639Z

Updated: 2024-11-01T03:55:39.520Z

Reserved: 2024-08-20T21:45:40.786Z

Link: CVE-2024-44255

Vulnrichment

Updated: 2024-10-30T16:01:20.622Z

NVD

Status : Analyzed

Published: 2024-10-28T21:15:07.003

Modified: 2024-10-30T18:26:03.767

Link: CVE-2024-44255

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object