CVE-2024-44248
📋 TL;DR
This vulnerability in macOS allows a user with screen sharing access to view another user's screen without proper authorization. It affects macOS Ventura and Sonoma systems with screen sharing enabled. The issue stems from improper state management in the screen sharing functionality.
💻 Affected Systems
- macOS
📦 What is this software?
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
Unauthorized users could monitor sensitive activities, capture confidential information, or observe authentication credentials being entered on another user's screen.
Likely Case
Users with legitimate screen sharing access could inadvertently or intentionally view screens they shouldn't have access to, potentially exposing personal or work-related information.
If Mitigated
With proper access controls and monitoring, the impact is limited to authorized users who might exceed their permissions, which can be detected and audited.
🎯 Exploit Status
Exploitation requires existing screen sharing access, suggesting authenticated exploitation. No public exploit code has been identified in the provided references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Ventura 13.7.2, macOS Sonoma 14.7.2
Vendor Advisory: https://support.apple.com/en-us/121840
Restart Required: Yes
Instructions:
1. Open System Settings > General > Software Update. 2. Install macOS Ventura 13.7.2 or macOS Sonoma 14.7.2 update. 3. Restart the system when prompted.
🔧 Temporary Workarounds
Disable Screen Sharing
macOSTurn off screen sharing functionality to prevent exploitation entirely
sudo systemsetup -setremotelogin off
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
Restrict Screen Sharing Access
macOSLimit screen sharing to specific users only and monitor access logs
sudo dseditgroup -o edit -a username -t user com.apple.access_screensharing
🧯 If You Can't Patch
- Disable screen sharing on all affected systems immediately
- Implement strict access controls and audit logs for any screen sharing that must remain enabled
🔍 How to Verify
Check if Vulnerable:
Check macOS version in System Settings > General > About. If running Ventura <13.7.2 or Sonoma <14.7.2, the system is vulnerable if screen sharing is enabled.Check Version:
sw_versVerify Fix Applied:
Verify macOS version is 13.7.2 or higher for Ventura, or 14.7.2 or higher for Sonoma. Check that screen sharing functions normally without unauthorized access.📡 Detection & Monitoring
Log Indicators:
- Unexpected screen sharing connections in system logs
- Multiple simultaneous screen sharing sessions from single user
Network Indicators:
- Unusual VNC traffic patterns on port 5900
- Screen sharing connections outside normal business hours
SIEM Query:
source="macos_system_logs" event="ScreenSharing" user!="authorized_user" | stats count by src_ip, user