{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-23285","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2024-01-12T22:22:21.499Z","datePublished":"2024-03-08T01:35:31.663Z","dateUpdated":"2026-04-02T18:12:48.876Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"An app may be able to create symlinks to protected regions of the disk"}]}],"affected":[{"vendor":"Apple","product":"macOS","versions":[{"version":"0","status":"affected","lessThan":"14.4","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk."}],"references":[{"url":"https://support.apple.com/en-us/120895"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:12:48.876Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT214084","tags":["x_transferred"]},{"url":"http://seclists.org/fulldisclosure/2024/Mar/21","tags":["x_transferred"]},{"url":"https://support.apple.com/kb/HT214084"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T18:27:48.727Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-61","lang":"en","description":"CWE-61 UNIX Symbolic Link (Symlink) Following"}]}],"affected":[{"vendor":"apple","product":"macos","cpes":["cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"14.0","status":"affected","lessThan":"14.4","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-27T19:47:04.907277Z","id":"CVE-2024-23285","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-27T20:20:42.533Z"}}]}}