CVE-2024-23229 – A macOS vulnerability allows malicious applicat... (How to Fix)

Q: What is the severity of CVE-2024-23229?

CVE-2024-23229 has a CVSS score of 5.5 (MEDIUM). A macOS vulnerability allows malicious applications to access Find My data, which could expose location information and device details. This affects macOS Monterey, Ventura, and Sonoma users who haven't updated to the patched versions.

📋 TL;DR

A macOS vulnerability allows malicious applications to access Find My data, which could expose location information and device details. This affects macOS Monterey, Ventura, and Sonoma users who haven't updated to the patched versions.

💻 Affected Systems

Products:

macOS

Versions: macOS Monterey before 12.7.5, macOS Ventura before 13.6.5, macOS Sonoma before 14.4

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected macOS versions are vulnerable. Requires malicious application execution.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious app gains access to Find My data, potentially tracking user location, accessing device identifiers, and compromising privacy.

🟠

Likely Case

Malicious app collects limited Find My data, potentially exposing device names, locations, or associated Apple IDs.

🟢

If Mitigated

No data exposure occurs due to proper app sandboxing, user permission controls, and updated macOS versions.

🌐 Internet-Facing: LOW - Exploitation requires local malicious application installation, not remote network access.

🏢 Internal Only: MEDIUM - Requires user to install malicious app, but could be combined with social engineering or other attacks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user to install and run a malicious application. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4

Vendor Advisory: https://support.apple.com/en-us/HT214084

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update. 2. Install available updates. 3. Restart when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow apps from the App Store and identified developers

sudo spctl --master-enable
sudo spctl --enable --label "Mac App Store"
sudo spctl --enable --label "Developer ID"

🧯 If You Can't Patch

Implement application allowlisting to prevent unauthorized app execution
Educate users about risks of installing untrusted applications

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About. If version is Monterey <12.7.5, Ventura <13.6.5, or Sonoma <14.4, system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is Monterey 12.7.5+, Ventura 13.6.5+, or Sonoma 14.4+.

📡 Detection & Monitoring

Log Indicators:

Unusual Find My service access by non-Apple applications
Console logs showing unauthorized data access attempts

Network Indicators:

None - this is a local privilege issue

SIEM Query:

process_name:"FindMy" AND parent_process NOT IN ("SystemUIServer", "launchd")

📊 Metadata

CVE ID: CVE-2024-23229

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-922

Published: May 14, 2024

Last Updated: December 9, 2024

🔗 References

http://seclists.org/fulldisclosure/2024/May/14 Mailing List
https://support.apple.com/en-us/HT214084 Vendor Advisory
https://support.apple.com/en-us/HT214085 Vendor Advisory
https://support.apple.com/en-us/HT214105 Vendor Advisory
https://support.apple.com/kb/HT214084 Vendor Advisory
https://support.apple.com/kb/HT214085 Vendor Advisory
https://support.apple.com/kb/HT214105 Vendor Advisory
http://seclists.org/fulldisclosure/2024/May/14 Mailing List
https://support.apple.com/en-us/HT214084 Vendor Advisory
https://support.apple.com/en-us/HT214085 Vendor Advisory
https://support.apple.com/en-us/HT214105 Vendor Advisory
https://support.apple.com/kb/HT214084 Vendor Advisory
https://support.apple.com/kb/HT214085 Vendor Advisory
https://support.apple.com/kb/HT214105 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23229, you might also want to check these: