
Cloud Vulnerability DB
A community-led vulnerabilities database
A path handling vulnerability (CVE-2024-44255) was discovered affecting multiple Apple operating systems. The vulnerability was disclosed on October 28, 2024, and affects visionOS 2.1, iOS 18.1, iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, and tvOS 18.1. The issue allows a malicious app to run arbitrary shortcuts without user consent (Apple iOS, Apple Vision).
The vulnerability is classified as a path handling issue that was addressed with improved logic. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is also tracked under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).
When exploited, this vulnerability allows a malicious application to execute arbitrary shortcuts on the affected system without requiring user consent. This could lead to unauthorized actions being performed on the user's device (Apple iOS).
Apple has released security updates to address this vulnerability across its affected operating systems. Users should update to visionOS 2.1, iOS 18.1, iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, or tvOS 18.1 depending on their device (Apple iOS, Apple Vision).
Source: This report was generated using AI