CVE-2024-44133

medium

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.

References

References
More

https://securityaffairs.com/180503/hacking/microsoft-uncovers-macos-flaw-allowing-bypass-tcc-protections-and-exposing-sensitive-data.html

https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html

https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/

https://www.securityweek.com/microsoft-macos-vulnerability-potentially-exploited-in-adware-attacks/

https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html

https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/

https://support.apple.com/en-us/121238

http://seclists.org/fulldisclosure/2024/Sep/33

Details

Source: Mitre, NVD

Published: 2024-09-17

Updated: 2025-11-04

Named Vulnerability: HM Surf

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N