CVE-2024-44133

Published Sep 17, 2024

Last updated 9 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-44133, codenamed "HM Surf" by Microsoft, is an authorization bypass vulnerability discovered in Apple macOS. This flaw specifically impacts the Transparency, Consent, and Control (TCC) framework, which is designed to manage user privacy preferences. The vulnerability allows an application to bypass certain privacy preferences on devices managed through Mobile Device Management (MDM). Exploitation of CVE-2024-44133 could lead to unauthorized access to sensitive user data, such as browsing history, location, camera, and microphone information, without explicit user consent. This is achieved by manipulating TCC protections within the Safari browser directory and local configuration files, including modifications to `PerSitePreferences`. Apple addressed this issue by removing the vulnerable code in macOS Sequoia 15.

Description
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.
Source
product-security@apple.com
NVD status
Modified
Products
macos

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending
  1. 🚨 New #macOS vulnerability, CVE-2024-44133, lets attackers bypass Safari privacy settings & access sensitive data! Patch up with macOS Sequoia 15 & stay secure. Don't let intruders peek into your digital life! 🛡️ #CyberSecurity #TechNews #MacOS https://t.co/MSiAawjIDZ

    @HexcladSecurity

    40 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, #PoC Published Learn about CVE-2024-44133, a serious vulnerability in #macOS that bypasses Apple's #TCC technology, potentially exposing sensitive user data https://t.co/ADtDQ03uM8

    @the_yellow_fall

    83 Impressions

    2 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

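  3. A PoC (proof-of-concept attack code) has been published for "HM Surf" (CVE-2024-44133), a macOS vulnerability that allows the camera and microphone to be used without consent. It bypasses Apple's Transparency, Consent, and Control (TCC) mechanism. The default behavior could be changed by modifying configuration files in the Safari directory. https://t.co/MfN0vukAKW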

    @__kokumoto

    2766 Impressions

    19 Retweets

    49 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

  4. 🛑 Microsoft discovered a serious security flaw (CVE-2024-44133) in #Apple’s macOS TCC framework that could bypass user consent for sensitive data access like your location, camera, or microphone! Learn more: https://t.co/Cj6WQgWs8g... https://t.co/Fe4zboxnaq

    @IT_news_for_all

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Microsoft discovered a vulnerability in macOS that was among the security flaws Apple fixed in macOS Sequoia: "CVE-2024-44133", named HM Surf, which allows TCC protection in Safari to be removed. It gives an attacker unauthorized access to browsing history, the camera and more. The vulnerability was fixed in version…

    @mr_thamer

    3984 Impressions

    3 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. A newly discovered macOS vulnerability, "HM Surf", allows attackers to bypass the Transparency, Consent, and Control (TCC) technology and gain unauthorized access to protected data. This vulnerability is identified as CVE-2024-44133. https://t.co/SE2qAYYahN

    @cyberinlab

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Safari Surprise: Mac Users Unwittingly Invite Spies with CVE-2024-44133 Vulnerability! Hot Take: Apple's Safari has managed to pull a Houdini on macOS users by giving sneaky apps the keys to the kingdom, all while the TCC security layer was napping. Meanwhile, cyber villains… h

    @TheNimbleNerd

    40 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 📌 Microsoft announced a security vulnerability in the Transparency, Consent, and Control (TCC) framework in macOS, known as HM Surf, which was exploited to bypass privacy preferences and access data. The vulnerability, registered as CVE-2024-44133, was addressed by Apple in the macOS Sequoia 15 update. #الامن_السيبراني https://t.c

    @cyberetweet

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A serious vulnerability, "HM Surf", has been discovered in Apple's macOS. This issue could allow the camera and microphone to be accessed without the user's consent. #macOS脆弱性 #HMSurf CVE-2024-44133 https://t.co/CwTLuIBUXZ

    @innovaTopia_JP

    72 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🍎 YOUR MAC IS WATCHING YOU. 📌 A new vulnerability (CVE-2024-44133) discovered by Microsoft allows attackers to bypass macOS TCC protections completely. 📌 The Exploit: By manipulating Safari's configuration files, malware can inherit sensitive permissions without asking

    @TTheBattlefield

    7 Jan 2026

    11935 Impressions

    11 Retweets

    32 Likes

    12 Bookmarks

    2 Replies

    1 Quote

  11. Actively exploited CVE : CVE-2024-44133

    @transilienceai

    4 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2024-44133

    @transilienceai

    30 Oct 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2024-44133

    @transilienceai

    29 Oct 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Microsoft urges macOS users to update due to CVE-2024-44133, a vulnerability patched in September that could allow Adloader malware to access a device's camera, microphone, and location. #Cybersecurity #macOS #Privacy https://t.co/Qvb5RSNOhI https://t.co/25MQNnp0Ng

    @JoshMoulin

    28 Oct 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️REPORT: New #Apple #macOS vulnerability allows unauthorized data access https://t.co/Z4Ftb1GIrt CVE-2024-44133, CVSS Score 5.5 could allow a malicious actor to evade the OS’s TCC technology, providing the attacker with unauthorized access via Security Magazine #CyberSecurity ht

    @SecTicks

    27 Oct 2024

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🛠️🏄 Introducing HM-Surf Evaluator by @yo_yo_yo_jbo - to assess macOS browsers for CVE-2024-44133 vulnerability. 🚀 What does it do?: - Tests how susceptible your macOS browsers are to unauthorized data access exploits. - Provides an HTML demo that attempts to… htt

    @IntCyberDigest

    25 Oct 2024

    87 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. macOS fans, update quickly! Microsoft has warned that the medium-severity vulnerability "HM Surf" can let a hacker access sensitive user data. This flaw is identified as CVE-2024-44133 and can access information such as browser pages, the camera and the device's location

    @farajimahdi

    23 Oct 2024

    114 Impressions

    0 Retweets

    7 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Exploitation of the CVE-2024-44133 vulnerability in macOS may be related to the Adloader malware. https://t.co/hpS3XHvVLH https://t.co/oRaaZiVT3z

    @DMZCast

    22 Oct 2024

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. HackRead: RT @HackRead: 🚨 Microsoft discovered a #macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthori…

    @MrsYisWhy

    22 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2024-44133: Microsoft Uncovers macOS Security Hole in TCC Framework https://t.co/rHH7KMJaYy

    @the_yellow_fall

    22 Oct 2024

    264 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. New macOS Vulnerability: Researchers at Microsoft discovered a new macOS vulnerability called "HM Surf" (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access to sensitive data like the camera and microphone. #MacOS #vulnerability #DarkWeb #DarkWebNews ht

    @darkwebinsight

    22 Oct 2024

    198 Impressions

    0 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  22. #exploit 1. CVE-2024-44133: Privacy Controls Bypasses in Safari (+ "HM-Surf" evaluator) https://t.co/hmtWNvAm0T 2. CVE-2024-27983: HTTP2 Node.js server DoS https://t.co/tbe7oV3vkJ

    @ksg93rd

    20 Oct 2024

    173 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. #exploit #CyberSecurity 1. CVE-2024-44133: Privacy Controls Bypasses in Safari (+ "HM-Surf" evaluator) https://t.co/mIejpGFopB 2. CVE-2024-27983: HTTP2 Node.js server DoS https://t.co/032awWZQg1

    @ShaiiikShoaiiib

    20 Oct 2024

    44 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 Attention macOS users! A newly discovered vulnerability can bypass Safari's privacy controls, putting your data at risk. Microsoft has revealed this flaw, tracked as CVE-2024-44133. Stay safe—update your system now! 🔒👉 https://t.co/VKxZHAMJ7u

    @StackZeroSec

    20 Oct 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. The issue, tracked as CVE-2024-44133, allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and access user data. Apple addressed the bug in macOS Sequoia 15 in mid-September by removing the ... To read more, click link in bio htt

    @Inventrium

    20 Oct 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.