CVE-2024-44228

This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
References
Link Resource
https://support.apple.com/en-us/121239 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

History

30 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-276

29 Oct 2024, 20:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://support.apple.com/en-us/121239 - () https://support.apple.com/en-us/121239 - Vendor Advisory
CWE NVD-CWE-noinfo
First Time Apple xcode
Apple
CPE cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

29 Oct 2024, 14:34

Type Values Removed Values Added
Summary
  • (es) Este problema se solucionó mejorando la verificación de permisos. Este problema se solucionó en Xcode 16. Una aplicación puede heredar permisos de Xcode y acceder a datos de usuario.

28 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-28 21:15

Updated : 2024-10-30 20:35


NVD link : CVE-2024-44228

Mitre link : CVE-2024-44228

CVE.ORG link : CVE-2024-44228


JSON object : View

Products Affected

apple

  • xcode
CWE
NVD-CWE-noinfo CWE-276

Incorrect Default Permissions