CVE-2024-46060
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in Anaconda3 macOS installers. When installed outside the user's home directory, world-writable files are created and executed with root privileges, allowing local low-privileged users to inject arbitrary commands and gain root access. This affects macOS users who installed Anaconda3 outside their home directory.
💻 Affected Systems
- Anaconda3
📦 What is this software?
Anaconda3 by Anaconda
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full root privileges on the macOS system, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.
Likely Case
Malicious local user or malware with user-level access escalates to root to install backdoors, steal sensitive data, or disable security controls.
If Mitigated
With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.
🎯 Exploit Status
Exploitation requires local access but is straightforward once access is obtained. Public technical details are available in the referenced blog post.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.06-1 and later
Vendor Advisory: https://www.anaconda.com/docs/getting-started/anaconda/release/2024.x#anaconda-2024-06-1
Restart Required: No
Instructions:
1. Update Anaconda3 to version 2024.06-1 or later using 'conda update anaconda'
2. Alternatively, reinstall Anaconda3 using the latest installer from anaconda.com
🔧 Temporary Workarounds
Move installation to home directory
macOS: Reinstall Anaconda3 in the user's home directory, where the vulnerability does not exist
# Uninstall current Anaconda3
# Download latest installer
# Install to ~/anaconda3 or similar home directory location
Restrict file permissions
macOS: Manually remove world-writable permissions from Anaconda installation files
sudo chmod -R o-w /path/to/anaconda3
🧯 If You Can't Patch
- Monitor for suspicious privilege escalation attempts and file permission changes in Anaconda directories
- Implement strict access controls to limit local user access to systems with vulnerable installations
🔍 How to Verify
Check if Vulnerable:
Check Anaconda version with 'conda --version' and verify installation location is outside home directory
Check Version:
conda --version
Verify Fix Applied:
Confirm version is 2024.06-1 or later with 'conda --version' and check file permissions in installation directory
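The permission check mentioned above, as an added example (not code from the vendor or from this page's source): a POSIX shell audit that lists world-writable files and directories under an install prefix and flags the prefix when it sits outside the home directory. The function names are hypothetical, and the sample path /opt/anaconda3 in the usage comment is an assumption; substitute your own install location.

```sh
#!/bin/sh
# Added example: audit an Anaconda3 prefix for the condition described here.
# Usage (sample path, an assumption): audit_prefix /opt/anaconda3

# Exit 0 if the absolute path $1 lies outside the home directory $2
# (defaults to $HOME). Paths are compared as given, without resolving symlinks.
outside_home() {
    case "$1/" in
        "${2:-$HOME}"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print every world-writable regular file or directory under prefix $1.
# Symlinks are skipped: their own mode bits do not control write access.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Return 0 when nothing under the prefix is world-writable, 1 otherwise.
# $1 = install prefix, $2 = home directory (defaults to $HOME).
audit_prefix() {
    prefix=$1
    home=${2:-$HOME}
    hits=$(world_writable "$prefix")
    if [ -z "$hits" ]; then
        echo "OK: no world-writable entries under $prefix"
        return 0
    fi
    if outside_home "$prefix" "$home"; then
        echo "AT RISK: $prefix is outside $home and has world-writable entries:"
    else
        echo "NOTE: world-writable entries under $prefix (inside home):"
    fi
    echo "$hits"
    return 1
}
```

Any path it prints can be cleared with the chmod -R o-w workaround listed above.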
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- File permission changes in Anaconda directories
- Execution of scripts from world-writable locations
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="macos" (event_type="privilege_escalation" OR file_permission_change) AND path="*/anaconda3/*"