CVE-2024-27872: An app may be able to access protected user data in Apple macOS
CVE-2024-27872 is a medium severity vulnerability in Apple macOS Sonoma that could allow a malicious application with limited privileges to access protected user data. The issue stems from insufficient validation of symbolic links (symlinks), which was addressed by Apple through improved validation checks. This vulnerability does not require user interaction to be exploited and has a CVSS score of 5. 5. Apple released a fix for this vulnerability in macOS Sonoma 14. 6 on July 29, 2024. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
CVE-2024-27872 is a vulnerability in macOS Sonoma where an application with limited privileges may access protected user data due to inadequate validation of symbolic links. The flaw is categorized under CWE-61 (Improper Restriction of Symbolic Links in a File System). Apple addressed this issue by enhancing symlink validation in the macOS Sonoma 14.6 update. The vulnerability has a CVSS 3.1 base score of 5.5, reflecting a medium severity level with local attack vector, low attack complexity, and no user interaction required. The fix is included in the official macOS Sonoma 14.6 release.
Potential Impact
A malicious application running with limited privileges on macOS Sonoma could exploit this vulnerability to access protected user data that should otherwise be restricted. This could lead to unauthorized disclosure of sensitive information. The vulnerability does not allow integrity or availability impacts, only confidentiality is affected. There are no reports of exploitation in the wild as of the advisory date.
Mitigation Recommendations
Apple has released an official fix for this vulnerability in macOS Sonoma 14.6. Users and administrators should apply this update promptly to remediate the issue. Since the patch is available and included in the official macOS update, no additional mitigation steps are required beyond installing the update.
CVE-2024-27872: An app may be able to access protected user data in Apple macOS
Description
CVE-2024-27872 is a medium severity vulnerability in Apple macOS Sonoma that could allow a malicious application with limited privileges to access protected user data. The issue stems from insufficient validation of symbolic links (symlinks), which was addressed by Apple through improved validation checks. This vulnerability does not require user interaction to be exploited and has a CVSS score of 5. 5. Apple released a fix for this vulnerability in macOS Sonoma 14. 6 on July 29, 2024. There are no known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-27872 is a vulnerability in macOS Sonoma where an application with limited privileges may access protected user data due to inadequate validation of symbolic links. The flaw is categorized under CWE-61 (Improper Restriction of Symbolic Links in a File System). Apple addressed this issue by enhancing symlink validation in the macOS Sonoma 14.6 update. The vulnerability has a CVSS 3.1 base score of 5.5, reflecting a medium severity level with local attack vector, low attack complexity, and no user interaction required. The fix is included in the official macOS Sonoma 14.6 release.
Potential Impact
A malicious application running with limited privileges on macOS Sonoma could exploit this vulnerability to access protected user data that should otherwise be restricted. This could lead to unauthorized disclosure of sensitive information. The vulnerability does not allow integrity or availability impacts, only confidentiality is affected. There are no reports of exploitation in the wild as of the advisory date.
Mitigation Recommendations
Apple has released an official fix for this vulnerability in macOS Sonoma 14.6. Users and administrators should apply this update promptly to remediate the issue. Since the patch is available and included in the official macOS update, no additional mitigation steps are required beyond installing the update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-02-26T15:32:28.541Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a3b67ff58c9332ff0a52d
Added to database: 11/4/2025, 5:44:07 PM
Last enriched: 4/9/2026, 11:20:28 PM
Last updated: 5/9/2026, 9:25:17 AM
Views: 151
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.