Researchers Detail macOS Remote Code Execution Vulnerability – CVE-2024-44236

May 8, 2025 - 14:00
A critical remote code execution vulnerability, tracked as CVE-2024-44236, has been identified in Apple’s macOS operating system. The vulnerability, which carries a high CVSS score of 7.8, could allow attackers to execute arbitrary code by tricking users into opening specially crafted files.

The flaw was discovered by Hossein Lotfi (@hosselot) of Trend Micro’s Zero Day Initiative and was patched by Apple in the macOS Ventura 13.7.1, macOS Sonoma 14.7.1, and macOS Sequoia 15.1 updates released on October 28, 2024.

macOS Remote Code Execution Vulnerability – CVE-2024-44236

According to the detailed analysis, CVE-2024-44236 is an out-of-bounds write vulnerability affecting the parsing of ICC (International Color Consortium) profiles in macOS’s Scriptable Image Processing System (sips), a built-in terminal utility that allows users to verify, edit, and process image files.

“An out-of-bounds access issue was addressed with improved bounds checking. Processing a maliciously crafted file may lead to unexpected app termination”, Apple stated in its security bulletin.

The vulnerability stems from improper validation of the “lutAToBType” and “lutBToAType” tag types within ICC Profile files. 

These profiles, which characterize color input/output devices or color spaces, consist of a Header, Tag Table, and tagged element data.

Technically, the flaw exists in the function sub_1000194D0() which handles these structures. The critical issue occurs when processing the “Offset to CLUT” field value. 

If an attacker sets this offset equal to the total length of the tagged element data, the function will read and potentially modify memory up to 16 bytes past the end of the heap-allocated buffer.

“Due to the insufficient validation of the ‘Offset to CLUT’ field value, it is possible to set an offset equal to the total length of the tagged element data. That would cause the function to read and possibly modify memory up to 16 bytes past the end of the heap-allocated buffer,” explained Trend Research Team.
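
The kind of bounds check the analysis describes, as an added example (not code from Apple, Trend Micro, or the original article): a Python scanner that walks an ICC profile's tag table and flags lutAToBType/lutBToAType elements whose "Offset to CLUT" leaves no room for the CLUT header. Field positions are assumed from the ICC.1 specification rather than taken from this page; the function names and sample bytes are constructed for illustration.

```python
import struct

LUT_TYPES = {b"mAB ": "lutAToBType", b"mBA ": "lutBToAType"}
LUT_FIXED_LEN = 32    # fixed part of the element; "Offset to CLUT" sits at bytes 24..27
CLUT_HEADER_LEN = 20  # 16 grid-point bytes + precision byte + 3 padding bytes

def check_clut_offsets(profile: bytes) -> list[str]:
    """Flag LUT elements whose CLUT offset does not fit inside the element."""
    if len(profile) < 132:
        return ["truncated: no tag table"]
    findings = []
    (count,) = struct.unpack_from(">I", profile, 128)  # tag table follows 128-byte header
    for i in range(count):
        entry = 132 + 12 * i
        if entry + 12 > len(profile):
            findings.append("tag table runs past end of file")
            break
        sig, off, size = struct.unpack_from(">4sII", profile, entry)
        if off + size > len(profile):
            findings.append(f"{sig!r}: element runs past end of file")
            continue
        data = profile[off:off + size]
        kind = LUT_TYPES.get(data[:4])
        if kind is None:
            continue
        if size < LUT_FIXED_LEN:
            findings.append(f"{sig!r}: {kind} element shorter than its fixed fields")
            continue
        (clut,) = struct.unpack_from(">I", data, 24)
        if clut == 0:
            continue  # offset 0 means the element carries no CLUT
        # Reject offsets inside the fixed fields or too close to the end,
        # including the case where the offset equals the element length.
        if clut < LUT_FIXED_LEN or clut + CLUT_HEADER_LEN > size:
            findings.append(f"{sig!r}: {kind} CLUT offset {clut} invalid for {size}-byte element")
    return findings

def build_sample(clut_offset: int, size: int = 64) -> bytes:
    """Constructed input: zeroed header (not a usable profile) and one 'mAB ' element."""
    elem = bytearray(size)
    elem[0:4] = b"mAB "
    struct.pack_into(">I", elem, 24, clut_offset)
    table = struct.pack(">I4sII", 1, b"A2B0", 144, size)
    return bytes(128) + table + bytes(elem)

if __name__ == "__main__":
    for offset in (32, 64):
        print(offset, check_clut_offsets(build_sample(offset)))
```

A scanner like this can run on ICC files (or profiles extracted from images) at a mail or file gateway before they reach an unpatched host; it does not replace applying Apple's update.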

The vulnerability has been assigned a vector string of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that while user interaction is required, an attacker needs no special privileges to execute code with potentially high impact on confidentiality, integrity, and availability.

To exploit this vulnerability, an attacker would need to craft a malicious ICC Profile file and convince a user to process it. 

This could be accomplished through various attack vectors including email attachments, malicious websites, or compromised file-sharing services.

The malicious file could be delivered over multiple protocols, including FTP, HTTP, HTTPS, IMAP, NFS, POP3, SMB/CIFS, and SMTP.

| Risk Factors | Details |
| --- | --- |
| Affected Products | macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15.1 |
| Impact | Arbitrary code execution |
| Exploit Prerequisites | User must open a maliciously crafted ICC Profile file |
| CVSS 3.1 Score | 6.5 (Medium) |

Mitigation

Apple’s patch improves bounds checking to address the vulnerability. Users are strongly encouraged to update their systems to the latest versions of macOS to protect against potential exploitation.

As of the publication date, no attacks exploiting this vulnerability have been detected in the wild. However, given the detailed technical information now available, it’s crucial for all macOS users to apply the security updates promptly.

This discovery underscores the continuing importance of vulnerability research in identifying and addressing potential security threats before malicious actors can widely exploit them.

The post Researchers Details macOS Remote Code Execution Vulnerability – CVE-2024-44236 appeared first on Cyber Security News.