VYPR
← All advisories
Low severity3.3NVD Advisory· Published Jan 27, 2025· Updated Apr 2, 2026

CVE-2024-54475

CVE-2024-54475

Description

CVE-2024-54475 is a low-severity privacy issue in macOS where an app may determine a user's current location due to improper log data redaction.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2024-54475 is a low-severity privacy issue in macOS where an app may determine a user's current location due to improper log data redaction.

Vulnerability

CVE-2024-54475 is a privacy issue in macOS where sensitive location data was not properly redacted from system log entries. Apple addressed this by improving private data redaction in logs. The flaw affects macOS Sequoia 15.2, macOS Sonoma 14.7.2, and macOS Ventura 13.7.2 [1][2][3].

Exploitation

An app running on the system could potentially read log entries containing unredacted location information, allowing it to determine the user's current location. No user interaction beyond app execution is needed, and the attack surface is local. The vulnerability is classified as low severity (CVSS 3.3) due to the requirement of an app being present on the device.

Impact

Successful exploitation enables an app to access the user's current location without explicit permissions, violating user privacy expectations. The data is limited to what appears in logs, but location information can be sensitive.

Mitigation

Apple has released updates for all three affected macOS versions on December 11, 2024. Users should update to macOS Sequoia 15.2, macOS Sonoma 14.7.2, or macOS Ventura 13.7.2 to remediate the issue [1][2][3]. No workarounds are documented.

References
  1. About the security content of macOS Sequoia 15.2 - Apple Support
  2. About the security content of macOSSonoma14.7.2 - Apple Support
  3. About the security content of macOSVentura13.7.2 - Apple Support

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: <13.7.2
    • (no CPE)range: >=13.7.2, <=15.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.