CVE-2024-44203
📋 TL;DR
This CVE describes a permissions vulnerability in macOS that allows unauthorized applications to access a user's Photos Library without proper authorization. The issue affects macOS users who haven't updated to the latest version. This could lead to exposure of personal photos and media.
💻 Affected Systems
- macOS
📦 What is this software?
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
Malicious app could exfiltrate entire Photos Library containing sensitive personal images, location data, and private moments without user knowledge or consent.
Likely Case
Malware or compromised legitimate apps could access and steal selected photos, potentially for blackmail, identity theft, or privacy violations.
If Mitigated
With proper app sandboxing and user permission controls, only authorized apps can access photos, limiting exposure.
🎯 Exploit Status
Requires malicious app installation or compromise of existing app. No public exploit details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Sequoia 15
Vendor Advisory: https://support.apple.com/en-us/121238
Restart Required: Yes
Instructions:
1. Open System Settings
2. Click General
3. Click Software Update
4. Install macOS Sequoia 15 update
5. Restart when prompted
🔧 Temporary Workarounds
Restrict App Permissions
macOS: Manually review and restrict Photos access for all applications in System Settings
Open System Settings > Privacy & Security > Photos > Review app permissions
Disable Photos Library Access
macOS: Temporarily disable Photos app and library access for non-essential applications
Open System Settings > Privacy & Security > Photos > Toggle off access for suspicious apps
🧯 If You Can't Patch
- Implement strict application whitelisting to prevent unauthorized app installation
- Use endpoint detection and response (EDR) tools to monitor for unusual Photos access patterns
🔍 How to Verify
Check if Vulnerable:
Check the macOS version: if it is earlier than 15.0, the system is vulnerable
Check Version:
sw_vers
Verify Fix Applied:
Verify macOS version is 15.0 or later and check Photos permission settings are properly enforced
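A fleet-wide form of the version check above, as an added example that is not part of the original advisory: it classifies hosts using this page's rule (earlier than 15.0 is vulnerable), compares the major version numerically, and flags unparseable values instead of guessing. The function names and the sample inventory are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage macOS hosts against the fix version stated on this page.

FIXED_MAJOR=15   # from the page: fixed in macOS Sequoia 15

# version_status VERSION -> prints "vulnerable", "patched" or "unknown"
version_status() {
    ver=$1
    # Accept only dotted numeric versions such as 14.6.1 or 15;
    # anything else is reported as unknown rather than assumed safe.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    major=${ver%%.*}
    # Numeric comparison: a string comparison would mis-rank 10.15.7 vs 15.0
    if [ "$major" -lt "$FIXED_MAJOR" ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# triage_inventory: reads "hostname version" lines on stdin, skips blank
# lines and # comments, prints "hostname version status" per host.
triage_inventory() {
    while read -r host ver _; do
        case $host in ''|'#'*) continue ;; esac
        printf '%s %s %s\n' "$host" "${ver:-missing}" "$(version_status "$ver")"
    done
}

# Constructed sample inventory (hostnames and versions are made up)
sample_inventory() {
    cat <<'EOF'
# host productVersion
mac-design-01 14.6.1
mac-build-02 15.0
mac-legacy-03 10.15.7
mac-exec-04 15.1
mac-kiosk-05 n/a
EOF
}

sample_inventory | triage_inventory
# On a Mac, check the local host with:
#   version_status "$(sw_vers -productVersion)"
```

Hosts reported as unknown should be checked by hand rather than treated as patched.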
📡 Detection & Monitoring
Log Indicators:
- Unusual Photos access logs
- App sandbox violations related to Photos library
- Unexpected TCC (Transparency, Consent, and Control) permission requests
Network Indicators:
- Unexpected outbound connections from apps with Photos access
- Data exfiltration patterns matching photo file sizes
SIEM Query:
source="macos*" AND (event="TCC" OR event="sandbox") AND (resource="Photos" OR library="Photos")