CVE-2024-54469

Vulnerability

Overview

CVE-2024-54469 is a vulnerability in Apple operating systems where a local user or app may be able to leak sensitive user information. The root cause lies in insufficient permission checks, allowing an app to bypass restrictions and access data it should not have access to [1][2][4]. In macOS Sonoma 14.7, the issue is described as improved permissions logic [3].

Exploitation

Exploitation requires local access to the device, either as a user or via a malicious app installed on the system. No network-based attack vector is involved, as the vulnerability is triggered locally. The attacker does not need elevated privileges beyond standard user access; the app can exploit the weak checks to access sensitive information [1][2].

Impact

A successful exploit allows an app to leak sensitive user information, which could include personal data, credentials, or other private details stored on the device. The exact type of information is not specified, but the impact is rated Medium with a CVSS v3 score of 5.5 [1][2][4].

Mitigation

Apple has addressed this vulnerability in the following updates: iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, and visionOS 2. Users are advised to update their devices to the latest available versions to protect against potential exploitation [1][2][3][4].