CVE-2024-44189

7.5 HIGH

📋 TL;DR

This macOS vulnerability allows a malicious process to capture screen contents without user consent or notification. It affects macOS systems before Sequoia 15, enabling unauthorized screen recording that could expose sensitive information displayed on the screen.

💻 Affected Systems

Products:
  • macOS
Versions: Versions before macOS Sequoia 15
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All macOS systems before Sequoia 15 are vulnerable by default. No special configuration required.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could capture sensitive information displayed on screen including passwords, financial data, private communications, and confidential documents without any user indication.

🟠 Likely Case

Malicious applications or malware could silently record screen activity to steal credentials, monitor user behavior, or capture sensitive information.

🟢 If Mitigated

With proper application vetting and user awareness, risk is reduced but still present for zero-day or unknown malicious applications.

🌐 Internet-Facing: LOW - This requires local process execution, not directly exploitable over network.
🏢 Internal Only: HIGH - Malicious local applications or compromised user accounts could exploit this to capture sensitive information from other applications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires malicious application installation or compromise of existing application. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15

Vendor Advisory: https://support.apple.com/en-us/121238

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install macOS Sequoia 15 update
5. Restart when prompted

🔧 Temporary Workarounds

Application Sandboxing Enforcement

macOS

Use macOS privacy controls to restrict screen recording permissions for untrusted applications

System Settings > Privacy & Security > Screen Recording > Review and disable permissions for suspicious applications

🧯 If You Can't Patch

  • Implement strict application allow-listing to prevent unauthorized applications from running
  • Educate users about risks of installing untrusted applications and enable Gatekeeper with maximum security settings

🔍 How to Verify

Check if Vulnerable:

Check the macOS version: if it is earlier than 15.0, the system is vulnerable

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 15.0 or later and check that screen recording permissions are properly enforced
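
The version check above, scripted for a fleet inventory. This is an added example, not part of the advisory: the function names are hypothetical and the sample inventory is constructed. It covers only the version test, not whether screen recording permissions are enforced.

```shell
#!/bin/sh
# Classify macOS versions against the fixed release named on this page
# (macOS Sequoia 15). Function names and sample data are illustrative.

FIXED_MAJOR=15

# Print "vulnerable", "fixed" or "unknown" for a ProductVersion string.
# The major component is compared numerically: a plain string compare
# would wrongly rank "10.15.7" (Catalina) above "15.0".
classify_macos_version() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    if [ "$major" -lt "$FIXED_MAJOR" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Read "host version" lines on stdin, print "host version status".
report_inventory() {
    while read -r host ver rest; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(classify_macos_version "$ver")"
    done
}

# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY='mac-a 14.6.1
mac-b 15.0
mac-c 10.15.7
mac-d 15.1
mac-e n/a'

printf '%s\n' "$SAMPLE_INVENTORY" | report_inventory

# On a Mac, also classify the local host from sw_vers output.
if command -v sw_vers >/dev/null 2>&1; then
    echo "this host: $(classify_macos_version "$(sw_vers -productVersion)")"
fi
```

Hosts reported as "unknown" returned no parsable version and need a manual check.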

📡 Detection & Monitoring

Log Indicators:

  • Look for unexpected screen recording permission grants in system logs
  • Monitor for applications requesting screen recording permissions

Network Indicators:

  • No direct network indicators - this is a local privilege issue

SIEM Query:

process_name:"ScreenCapture" AND NOT user_approved:true
