{"vulnerability": "CVE-2024-4413", "sightings": [{"uuid": "18c32497-0524-4835-a03c-fae85e0688f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/560", "content": "#exploit\n1. CVE-2024-44133:\nPrivacy Controls Bypasses in Safari (+ \"HM-Surf\" evaluator)\nhttps://github.com/yo-yo-yo-jbo/hm-surf\n\n2. CVE-2024-27983:\nHTTP2 Node.js server DoS\nhttps://github.com/lirantal/CVE-2024-27983-nodejs-http2", "creation_timestamp": "2024-10-19T15:26:15.000000Z"}, {"uuid": "4cd041c3-2cbf-43f7-80b2-51c74f202129", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "seen", "source": "Telegram/fDixqZudfjq4lNxkSsV7qFa8eCouEhRYwyrDDbEagizz1w", "content": "", "creation_timestamp": "2024-10-18T11:28:34.000000Z"}, {"uuid": "eec3f0d2-68c3-4469-94fd-e2dd08e67670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "exploited", "source": "https://t.me/ViralCyber/7255", "content": "\ud83d\udd34 \u0647\u0634\u062f\u0627\u0631 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0628\u0647 \u0627\u067e\u0644: \u062e\u0637\u0631 \u0627\u0641\u0634\u0627\u06cc \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631 \u0628\u0627 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 macOS\n\n\u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc macOS \u0631\u0627 \u06a9\u0634\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0631\u0627 \u0642\u0627\u062f\u0631 \u0628\u0647\u200c\u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u0645\u062d\u0627\u0641\u0638\u062a\u200c\u0634\u062f\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u06a9\u0646\u062f \u0648 \u0646\u0633\u0628\u062a \u0628\u0647 \u0627\u062d\u062a\u0645\u0627\u0644 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0641\u0639\u0627\u0644 \u0627\u0632 \u0622\u0646\u060c \u0647\u0634\u062f\u0627\u0631 \u062f\u0627\u062f\u0647 \u0627\u0633\u062a.\n\u200c\n\u0627\u06cc\u0646 \u0646\u0642\u0635 \u06a9\u0647 \"HM Surf\" \u0646\u0627\u0645 \u062f\u0627\u0631\u062f\u060c \u0628\u0647 \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0627\u0632 \u0641\u0646\u0627\u0648\u0631\u06cc \u0634\u0641\u0627\u0641\u06cc\u062a\u060c \u0631\u0636\u0627\u06cc\u062a \u0648 \u06a9\u0646\u062a\u0631\u0644 (TCC) \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 \u0628\u0631\u0627\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u06a9\u0627\u0631\u0628\u0631\u060c \u0627\u0632\u200c\u062c\u0645\u0644\u0647 \u0635\u0641\u062d\u0627\u062a \u0645\u0634\u0627\u0647\u062f\u0647 \u0634\u062f\u0647 \u0645\u0631\u0648\u0631\u06af\u0631 \u0648 \u062f\u0648\u0631\u0628\u06cc\u0646\u060c \u0645\u06cc\u06a9\u0631\u0648\u0641\u0648\u0646 \u0648 \u0645\u06a9\u0627\u0646 \u062f\u0633\u062a\u06af\u0627\u0647\u060c \u062f\u0633\u062a\u0631\u0633\u06cc \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u062f.\n\u200c\n\u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0639\u0646\u0648\u0627\u0646 CVE-2024-44133 \u0648 \u0628\u0627 \u062f\u0631\u062c\u0647\u200c\u0628\u0646\u062f\u06cc \u0634\u062f\u062a \u0645\u062a\u0648\u0633\u0637 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\u200c\n\u0627\u0632 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 macOS \u062e\u0648\u0627\u0633\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc\u200c\u0647\u0627 \u0631\u0627 \u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0627\u0639\u0645\u0627\u0644 \u06a9\u0646\u0646\u062f \u0648 \u062f\u0631 \u0647\u0645\u06cc\u0646 \u062d\u0627\u0644 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0641\u0639\u0627\u0644\u06cc\u062a\u200c\u0647\u0627\u06cc \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0628\u0627\u0644\u0642\u0648\u0647 \u0645\u0631\u062a\u0628\u0637 \u0628\u0627 Adload \u06a9\u0647 \u06cc\u06a9 \u062e\u0627\u0646\u0648\u0627\u062f\u0647 \u0631\u0627\u06cc\u062c \u0628\u062f\u0627\u0641\u0632\u0627\u0631 macOS \u0627\u0633\u062a \u0631\u0627 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0646\u0645\u0648\u062f\u0647 \u0627\u0633\u062a.\n\n#Cybersecurity #Cyber_Attack #macOS #Vulnerability #Apple #Microsoft #HM_Surf #TCC #Malware #Adload #Safari #\u0627\u0645\u0646\u06cc\u062a_\u0633\u0627\u06cc\u0628\u0631\u06cc #\u062d\u0645\u0644\u0647_\u0633\u0627\u06cc\u0628\u0631\u06cc #\u0627\u067e\u0644 #\u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a #\u0628\u062f\u0627\u0641\u0632\u0627\u0631 #\u0633\u0627\u0641\u0627\u0631\u06cc\n\n\u0645\u0637\u0627\u0644\u0639\u0647 \u06a9\u0627\u0645\u0644 \u062e\u0628\u0631 \ud83d\udc49\n\n\ud83c\udd94 @Takianco\n\ud83c\uddee\ud83c\uddf7", "creation_timestamp": "2024-10-23T08:48:46.000000Z"}, {"uuid": "20849ea0-2654-4dea-925f-cad6fc86f9b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44131", "type": "seen", "source": "Telegram/sanRM_Dq8Dw9iUOerd3nWMbIJooEIHU8ebskFNzYPISF8Q", "content": "", "creation_timestamp": "2024-12-12T14:54:31.000000Z"}, {"uuid": "d4821923-1eb4-409f-8ba1-11c767ab5205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "seen", "source": "Telegram/gwe6mmQ6GGmRb5OaewKpJ32MUJHsZ156vCOs3qTVIkLTPA", "content": "", "creation_timestamp": "2024-10-18T09:59:16.000000Z"}, {"uuid": "b96079e6-a07d-49e8-a970-0b5694fc3536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3336", "content": "https://github.com/yo-yo-yo-jbo/hm-surf\n\nEvaluates susceptibility to CVE-2024-44133 of common macOS browsers.\n#github #exploit", "creation_timestamp": "2024-10-19T14:36:09.000000Z"}, {"uuid": "ba0631ee-11e1-49aa-90e3-6f9be8c7e982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11305", "content": "#exploit\n1. CVE-2024-44133:\nPrivacy Controls Bypasses in Safari (+ \"HM-Surf\" evaluator)\nhttps://github.com/yo-yo-yo-jbo/hm-surf\n\n2. CVE-2024-9264:\nGrafana Post-Auth DuckDB SQLI (File Read)\nhttps://github.com/nollium/CVE-2024-9264\n\n3. CVE-2024-27983:\nHTTP2 Node.js server DoS\nhttps://github.com/lirantal/CVE-2024-27983-nodejs-http2", "creation_timestamp": "2024-10-25T19:30:02.000000Z"}, {"uuid": "9f9767fc-a284-4f26-9d81-2540cf7b0637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "seen", "source": "", "content": "", "creation_timestamp": "2024-10-18T12:29:09.241460Z"}, {"uuid": "d735674f-ff9a-404a-a7d2-879608f1ab0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44131", "type": "seen", "source": "https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html", "content": "", "creation_timestamp": "2024-12-12T11:35:00.000000Z"}, {"uuid": "52a7b8c4-cda5-4dc2-8bd2-6b10a6d1cebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44136", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfslgbct452h", "content": "", "creation_timestamp": "2025-01-15T20:15:58.836421Z"}, {"uuid": "3c37c864-758a-4896-bbc1-1d7b7d547688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44137", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:28.000000Z"}, {"uuid": "0055f27b-dff6-4245-966b-fd4e6f926660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44137", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "cd2e6fa8-5993-4cc2-9d58-82be2ea38327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44136", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1843", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44136\n\ud83d\udd39 Description: This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.\n\ud83d\udccf Published: 2025-01-15T19:35:56.404Z\n\ud83d\udccf Modified: 2025-01-15T19:35:56.404Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/120905", "creation_timestamp": "2025-01-15T19:55:14.000000Z"}, {"uuid": "42154781-cb65-4664-992b-8a16fec86c11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44130", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8698", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44130\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15. An app with root privileges may be able to access private information.\n\ud83d\udccf Published: 2024-09-16T23:22:26.983Z\n\ud83d\udccf Modified: 2025-03-25T16:10:44.049Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/121238", "creation_timestamp": "2025-03-25T16:25:03.000000Z"}, {"uuid": "0d2198f7-dfeb-41f2-a611-b016c6e52326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44131", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8709", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44131\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.\n\ud83d\udccf Published: 2024-09-16T23:22:09.818Z\n\ud83d\udccf Modified: 2025-03-25T16:10:42.629Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/121238\n2. https://support.apple.com/en-us/121250", "creation_timestamp": "2025-03-25T16:25:17.000000Z"}, {"uuid": "29ceeea5-ce77-416b-bc55-9e51dc1919bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44136", "type": "seen", "source": "https://t.me/cvedetector/15524", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44136 - Apple iOS Stolen Device Protection Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-44136 \nPublished : Jan. 15, 2025, 8:15 p.m. | 25\u00a0minutes ago \nDescription : This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T21:49:46.000000Z"}, {"uuid": "b5f0ac71-af9f-47ef-b25c-6869d9bb9aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44131", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/113645169879560898", "content": "", "creation_timestamp": "2024-12-13T11:01:21.129473Z"}, {"uuid": "b8b5a92c-095f-4d1e-aebe-a695393b21fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:31.000000Z"}, {"uuid": "a36882fe-4a58-4ecc-9d7c-c574361b1ad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44134", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7495", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44134\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.\n\ud83d\udccf Published: 2024-09-16T23:23:05.839Z\n\ud83d\udccf Modified: 2025-03-13T20:36:47.437Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/121238", "creation_timestamp": "2025-03-13T20:43:00.000000Z"}, {"uuid": "506e267f-3052-47e0-a788-3a9e5519f3ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "seen", "source": "https://t.me/KomunitiSiber/2736", "content": "Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser\nhttps://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html\n\nMicrosoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data.\nThe shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the", "creation_timestamp": "2024-10-18T10:34:14.000000Z"}, {"uuid": "9dd96d19-3600-4aeb-a450-2b0bb74ebcba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "exploited", "source": "https://t.me/true_secator/6336", "content": "Microsoft \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c macOS, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c.\n\n\u041d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u0445 Mac \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u044f \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u043e\u0441\u0442\u0438, \u0441\u043e\u0433\u043b\u0430\u0441\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f TCC, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043d\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043b\u0438\u0447\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0442\u0430\u043a\u043e\u0439 \u043a\u0430\u043a \u043c\u0435\u0441\u0442\u043e\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435, \u0438\u0441\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u043e\u0432, \u043a\u0430\u043c\u0435\u0440\u0430, \u043c\u0438\u043a\u0440\u043e\u0444\u043e\u043d \u0438 \u0442\u0434., \u0431\u0435\u0437 \u0438\u0445 \u0441\u043e\u0433\u043b\u0430\u0441\u0438\u044f.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Microsoft Threat Intelligence \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043e\u0431\u0445\u043e\u0434, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043d\u0438\u043c\u0430\u0435\u0442 \u0437\u0430\u0449\u0438\u0442\u0443 TCC \u0434\u043b\u044f \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari.\n\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 HM Surf, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-44133. \n\n\u041e\u043d \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0431\u044b\u043b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d Apple \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 macOS Sequoia 15 \u043f\u0443\u0442\u0435\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c Microsoft \u0443\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 Adload, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u043c \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u043e\u043c \u0443\u0433\u0440\u043e\u0437 macOS, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0449\u0438\u043c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\u041e\u0431\u044b\u0447\u043d\u043e \u043b\u044e\u0431\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043d\u0430 macOS \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442 \u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u043d\u0430 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c \u0438\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u043c.\n\n\u041e\u0434\u043d\u0430\u043a\u043e Safari \u043c\u043e\u0436\u0435\u0442 \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0435, \u043a\u0430\u043c\u0435\u0440\u0435, \u043c\u0438\u043a\u0440\u043e\u0444\u043e\u043d\u0443 \u0438 \u043c\u043d\u043e\u0433\u043e\u043c\u0443 \u0434\u0440\u0443\u0433\u043e\u043c\u0443, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f com.apple.private.tcc.allow.\n\n\u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e Safari \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u0442 \u0432\u0441\u043f\u043b\u044b\u0432\u0430\u044e\u0449\u0435\u0435 \u043e\u043a\u043d\u043e \u043f\u0440\u0438 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u044d\u0442\u0438\u043c \u0444\u0443\u043d\u043a\u0446\u0438\u044f\u043c, \u043d\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 TCC \u0434\u043b\u044f \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 Safari, \u0438\u0437\u043c\u0435\u043d\u0438\u0432 \u0444\u0430\u0439\u043b\u044b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438.\n\n\u0415\u0441\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0437\u0430\u0442\u0435\u043c \u043e\u0442\u043a\u0440\u043e\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043c\u043e\u0433\u0443\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0441\u043d\u0438\u043c\u043a\u0438 \u043a\u0430\u043c\u0435\u0440\u044b \u0438\u043b\u0438 \u043e\u0442\u0441\u043b\u0435\u0434\u0438\u0442\u044c \u043c\u0435\u0441\u0442\u043e\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.\n\n\u0412 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441\u043a\u0440\u044b\u0442\u043d\u043e, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c Safari \u0432 \u043e\u0447\u0435\u043d\u044c \u043c\u0430\u043b\u0435\u043d\u044c\u043a\u043e\u043c \u043e\u043a\u043d\u0435, \u0447\u0442\u043e\u0431\u044b \u043d\u0435 \u043f\u0440\u0438\u0432\u043b\u0435\u043a\u0430\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f, \u0438 \u0437\u0430\u0442\u0435\u043c \u0432\u044b\u043a\u0440\u0430\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Microsoft \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0438, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 Adload \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0442\u0435\u043a\u0443\u0449\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 macOS, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0430\u0440\u043e\u043b\u0435\u0439, \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0431\u0445\u043e\u0434\u043e\u0432 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043c\u0438\u043a\u0440\u043e\u0444\u043e\u043d\u0443 \u0438 \u043a\u0430\u043c\u0435\u0440\u0435 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u043e\u0432.\n\n\u041f\u0440\u0430\u0432\u0434\u0430 \u043f\u043e\u043a\u0430 \u043d\u0435\u044f\u0441\u043d\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u043b\u0438 \u0432 \u044d\u0442\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 Apple \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043b\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u0437\u0430\u0449\u0438\u0442\u044b \u0444\u0430\u0439\u043b\u043e\u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043e\u0442 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432\u043d\u0435\u0448\u043d\u0438\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0432 \u043a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.", "creation_timestamp": "2024-10-18T15:40:05.000000Z"}, {"uuid": "f2559c09-c97f-4e5b-8ed5-0cfa39f33611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44131", "type": "seen", "source": "https://t.me/thehackernews/6033", "content": "\ud83d\udea8 Apple's TCC framework #vulnerability exposed! \n \nA now-patched flaw (CVE-2024-44131) allowed unauthorized apps to access sensitive data like Health info, microphone, and #iCloud backups\u2014without users knowing. \n \nLearn more: https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html", "creation_timestamp": "2024-12-12T13:40:46.000000Z"}, {"uuid": "7f4db1d9-0787-400d-a9d9-17879a9d34a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "seen", "source": "https://t.me/thehackernews/5753", "content": "\ud83d\uded1 Microsoft discovered a serious security flaw (CVE-2024-44133) in #Apple\u2019s macOS TCC framework that could bypass user consent for sensitive data access like your location, camera, or microphone! \n \nLearn more: https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html", "creation_timestamp": "2024-10-18T07:52:33.000000Z"}, {"uuid": "2e46d7e0-6544-4d98-9e67-adc9544d901d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "exploited", "source": "https://t.me/xakep_ru/16575", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Microsoft \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 macOS\n\n\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b Microsoft \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2024-44133 \u0432 macOS \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0440\u0435\u043a\u043b\u0430\u043c\u043d\u043e\u0433\u043e \u041f\u041e, \u0438 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0443\u0436\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u0438 \u0442\u0430\u043a\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c.\n\nhttps://xakep.ru/2024/10/21/cve-2024-44133/", "creation_timestamp": "2024-10-21T18:35:50.000000Z"}, {"uuid": "7f214dbf-52ac-4af6-87e6-54c8c3cb00d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/4770", "content": "#exploit\n1. CVE-2024-44133:\nPrivacy Controls Bypasses in Safari (+ \"HM-Surf\" evaluator)\nhttps://github.com/yo-yo-yo-jbo/hm-surf\n\n2. CVE-2024-27983:\nHTTP2 Node.js server DoS\nhttps://github.com/lirantal/CVE-2024-27983-nodejs-http2", "creation_timestamp": "2024-10-19T10:57:50.000000Z"}, {"uuid": "7686a0b7-22a7-42cc-b31c-b3e6f404f76c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "published-proof-of-concept", "source": "https://t.me/god_of_server/7", "content": "#exploit\n1. CVE-2024-44133:\nPrivacy Controls Bypasses in Safari (+ \"HM-Surf\" evaluator)\nhttps://github.com/yo-yo-yo-jbo/hm-surf\n\n2. CVE-2024-9264:\nGrafana Post-Auth DuckDB SQLI (File Read)\nhttps://github.com/nollium/CVE-2024-9264\n\n3. CVE-2024-27983:\nHTTP2 Node.js server DoS\nhttps://github.com/lirantal/CVE-2024-27983-nodejs-http2\n\n\n\ud83d\udd23\ud83d\udd23", "creation_timestamp": "2024-10-26T13:55:32.000000Z"}, {"uuid": "3bdc39e2-19d2-4f40-8c52-75ddf169108c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44137", "type": "seen", "source": "", "content": "", "creation_timestamp": "2024-10-28T21:39:12.968216Z"}, {"uuid": "5582597d-7e8a-4260-a77d-382a7ec00e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44136", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113834132058531582", "content": "", "creation_timestamp": "2025-01-15T19:56:49.724510Z"}, {"uuid": "e6cfdb9c-596c-40e8-9663-9b66a16852c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44136", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113838818023702964", "content": "", "creation_timestamp": "2025-01-16T15:48:39.699793Z"}, {"uuid": "238c1505-8799-4026-bafc-ceaa47e7be5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44136", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfsnixsfnx2g", "content": "", "creation_timestamp": "2025-01-15T20:53:17.176854Z"}, {"uuid": "829dc70d-c597-4e85-8164-9b64671b2d46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44133", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}]}