CVE-2024-23285: An app may be able to create symlinks to protected regions of the disk in Apple macOS
CVE-2024-23285 is a high-severity vulnerability in Apple macOS that allowed an application to create symbolic links (symlinks) to protected regions of the disk. This could potentially enable unauthorized access or modification of sensitive filesystem areas. The issue was addressed and fixed in macOS Sonoma 14. 4 through improved handling of symlinks. The vulnerability has a CVSS score of 7. 8, indicating a high impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time. The vendor advisory confirms that the fix is included in the macOS Sonoma 14. 4 update released on March 7, 2024.
AI Analysis
Technical Summary
This vulnerability (CVE-2024-23285) in macOS allowed apps with limited privileges to create symbolic links pointing to protected disk regions, potentially bypassing filesystem protections. Apple resolved the issue by improving symlink handling in macOS Sonoma 14.4. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates the attack requires local access with low complexity and limited privileges but results in high confidentiality, integrity, and availability impacts. The vendor advisory explicitly states the issue is fixed in macOS Sonoma 14.4.
Potential Impact
If exploited, this vulnerability could allow a local app to create symlinks to protected filesystem areas, potentially leading to unauthorized data access, modification, or disruption of system availability. The CVSS score of 7.8 reflects a high impact on confidentiality, integrity, and availability. No active exploits are currently known, but the vulnerability could facilitate privilege escalation or data compromise if left unpatched.
Mitigation Recommendations
Apply the official update to macOS Sonoma 14.4 or later, which includes the fix for this vulnerability. Apple has addressed the issue with improved symlink handling. No additional mitigation steps are indicated by the vendor advisory. Systems running earlier versions remain vulnerable until updated.
CVE-2024-23285: An app may be able to create symlinks to protected regions of the disk in Apple macOS
Description
CVE-2024-23285 is a high-severity vulnerability in Apple macOS that allowed an application to create symbolic links (symlinks) to protected regions of the disk. This could potentially enable unauthorized access or modification of sensitive filesystem areas. The issue was addressed and fixed in macOS Sonoma 14. 4 through improved handling of symlinks. The vulnerability has a CVSS score of 7. 8, indicating a high impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time. The vendor advisory confirms that the fix is included in the macOS Sonoma 14. 4 update released on March 7, 2024.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2024-23285) in macOS allowed apps with limited privileges to create symbolic links pointing to protected disk regions, potentially bypassing filesystem protections. Apple resolved the issue by improving symlink handling in macOS Sonoma 14.4. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates the attack requires local access with low complexity and limited privileges but results in high confidentiality, integrity, and availability impacts. The vendor advisory explicitly states the issue is fixed in macOS Sonoma 14.4.
Potential Impact
If exploited, this vulnerability could allow a local app to create symlinks to protected filesystem areas, potentially leading to unauthorized data access, modification, or disruption of system availability. The CVSS score of 7.8 reflects a high impact on confidentiality, integrity, and availability. No active exploits are currently known, but the vulnerability could facilitate privilege escalation or data compromise if left unpatched.
Mitigation Recommendations
Apply the official update to macOS Sonoma 14.4 or later, which includes the fix for this vulnerability. Apple has addressed the issue with improved symlink handling. No additional mitigation steps are indicated by the vendor advisory. Systems running earlier versions remain vulnerable until updated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-12T22:22:21.499Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47576d939959c8022c27
Added to database: 11/4/2025, 6:35:03 PM
Last enriched: 4/9/2026, 11:08:29 PM
Last updated: 5/9/2026, 8:45:36 AM
Views: 47
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.