CVE-2024-44243
macOS vulnerability analysis and mitigation

Overview

A medium-severity vulnerability (CVE-2024-44243) with a CVSS score of 5.5 was discovered in Apple macOS that could allow an application to modify protected parts of the file system. The vulnerability was identified as a configuration issue in the Storage Kit daemon (storagekitd) and was patched in macOS Sequoia 15.2, released on December 11, 2024. The flaw affects macOS versions from 15.0 up to, but not including, 15.2 (Apple Advisory, Microsoft Research).

Technical details

The vulnerability stems from the Storage Kit daemon's (storagekitd) 'com.apple.rootless.install.heritable' entitlement (an entitlement that the daemon's child processes inherit), which can be abused to bypass System Integrity Protection (SIP). Because storagekitd can invoke arbitrary processes without proper validation and without dropping privileges, an attacker who is already running as root can deliver a new file system bundle to /Library/Filesystems and override the binaries associated with Disk Utility; those binaries are then triggered during certain operations such as disk repair (Microsoft Research).

Impact

Successful exploitation of this vulnerability could lead to serious security consequences, including the installation of rootkits, the creation of persistent malware, bypass of Transparency, Consent and Control (TCC), and expansion of the attack surface. Once SIP is bypassed, the integrity of the entire operating system can no longer be relied upon, and threat actors can potentially tamper with security solutions on the device to evade detection (Microsoft Research).

Mitigation and workarounds

Apple has addressed this vulnerability in macOS Sequoia 15.2. Users are strongly advised to update their operating system to the latest version to protect against this security flaw. Given SIP's low-level implementation, updating the operating system is the only way for users to protect themselves from such attacks (Apple Advisory).
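Two defender-side checks that follow from the sections above, added here as an example (this is not code from Apple, Microsoft or the advisory): an affected-version test for the 15.0 to 15.2 range, and a simple detection over process-launch telemetry that flags storagekitd spawning an executable from a third-party bundle under /Library/Filesystems. The telemetry format, the sample lines and the executable paths are constructed placeholders; map them onto whatever your EDR actually records.

```python
import re

# Affected range from the advisory: 15.0 <= version < 15.2 (fixed in Sequoia 15.2).
FIRST_AFFECTED = (15, 0)
FIXED_VERSION = (15, 2)

def is_affected(version: str) -> bool:
    """True if a macOS version string (e.g. '15.1.1') still lacks the fix."""
    parts = tuple(int(p) for p in version.strip().split("."))
    major_minor = (parts + (0,))[:2]          # '15' -> (15, 0)
    return FIRST_AFFECTED <= major_minor < FIXED_VERSION

# Constructed sample telemetry, one launch per line (key=value). All paths,
# including the storagekitd parent path, are placeholders for illustration.
SAMPLE_LINES = """\
parent=/usr/libexec/storagekitd child=/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util
parent=/usr/libexec/storagekitd child=/Library/Filesystems/example.fs/Contents/Resources/example.util
parent=/bin/bash child=/Library/Filesystems/example.fs/Contents/Resources/example.util
parent=/usr/libexec/storagekitd child=/usr/sbin/fsck
"""

EVENT_RE = re.compile(r"parent=(?P<parent>\S+)\s+child=(?P<child>\S+)")

def parse_events(text: str) -> list:
    """Return (parent, child) tuples for every well-formed line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.append((m["parent"], m["child"]))
    return events

def suspicious_children(events) -> list:
    """Flag storagekitd launching an executable from a third-party file system
    bundle under /Library/Filesystems. Apple's own bundles live under
    /System/Library/Filesystems, so those launches are not reported, and a
    launch of the same binary by any other parent is ignored."""
    flagged = []
    for parent, child in events:
        if parent.rsplit("/", 1)[-1] != "storagekitd":
            continue
        if child.startswith("/Library/Filesystems/"):
            flagged.append(child)
    return flagged

if __name__ == "__main__":
    for v in ("15.1.1", "15.2"):
        print(v, "affected" if is_affected(v) else "patched")
    for path in suspicious_children(parse_events(SAMPLE_LINES)):
        print("ALERT: storagekitd spawned", path)
```

On a patched host the version check is the authoritative answer; the process-lineage check is still worth keeping as a behavioural signal, since the same parent/child pattern would also surface other abuse of file system bundles.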

Community reactions

Security experts, including Jaron Bradley, director of Threat Labs at Jamf, emphasized that SIP remains a coveted target for bug researchers and attackers, noting that many of Apple's security measures operate on the assumption that SIP cannot be bypassed. The vulnerability was independently discovered by Microsoft and security researcher Mickey Jin, who reported it to Apple through the Coordinated Vulnerability Disclosure (CVD) program (Microsoft Research).

This report was generated using AI.