CVE-2024-46062
📋 TL;DR
This vulnerability allows local privilege escalation on macOS systems running vulnerable Miniconda3 installers. When installed outside the user's home directory, world-writable files are created and executed with root privileges, enabling local low-privileged users to inject arbitrary commands and gain root access. This affects macOS users who installed Miniconda3 in system directories or other non-home locations.
💻 Affected Systems
- Miniconda3
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full root privileges on the macOS system, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.
Likely Case
Local user or malware with limited privileges escalates to root to install additional malware, modify system configurations, or access sensitive data.
If Mitigated
Attack is prevented by proper installation practices or patching, limiting impact to normal user-level operations.
🎯 Exploit Status
Exploitation requires local access but is straightforward once access is obtained. The vulnerability is well-documented with technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 23.11.0-1 and later
Vendor Advisory: https://www.anaconda.com/docs/getting-started/miniconda/release/23.x#miniconda-23-11-0-1
Restart Required: No
Instructions:
1. Download Miniconda3 version 23.11.0-1 or later from the official Anaconda website.
2. Uninstall the vulnerable version.
3. Install the patched version, preferably in your home directory.
4. Verify the installation is not in a system directory.
🔧 Temporary Workarounds
Reinstall in Home Directory
macOS: Move the Miniconda3 installation to the user's home directory, where the vulnerability does not apply.
conda deactivate
rm -rf /path/to/vulnerable/miniconda3
curl -O https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh
bash Miniconda3-latest-MacOSX-x86_64.sh -b -p "$HOME/miniconda3"
Remove World-Writable Permissions
macOS: Manually fix permissions on Miniconda3 installation directories to prevent exploitation.
sudo chmod -R o-w /path/to/miniconda3
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable installations
- Monitor for suspicious root privilege escalation attempts and file modifications in Miniconda directories
🔍 How to Verify
Check if Vulnerable:
Check whether Miniconda3 is installed outside the home directory and the version is below 23.11.0-1: run 'conda --version' and check the installation path.
Check Version:
conda --version
Verify Fix Applied:
Verify Miniconda3 version is 23.11.0-1 or higher with 'conda --version' and confirm installation is in home directory.
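The following audit script is an added example, not code from the vendor advisory or from this page's source. It checks the two conditions described above: whether the install prefix lies outside the home directory, and whether any world-writable files or directories remain under it. The function names and the sample path /opt/miniconda3 are assumptions.

```sh
#!/bin/sh
# Added example: audit a Miniconda3 prefix for the conditions this page describes.
# Usage (path is an assumption, substitute your own): audit_prefix /opt/miniconda3

# Print world-writable files and directories under prefix $1 (symlinks skipped).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Return 0 if prefix $1 is outside home directory $2 (default: $HOME),
# 1 if it is inside, 2 if either path cannot be resolved.
outside_home() {
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    home=$(cd "${2:-$HOME}" 2>/dev/null && pwd -P) || return 2
    case "$prefix/" in
        "$home"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Report on prefix $1. Exit status: 0 = clean, 1 = world-writable entries
# found, 2 = prefix is not a directory.
audit_prefix() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    if outside_home "$1" "$2"; then
        echo "location: outside home directory (the case this CVE describes)"
    else
        echo "location: inside home directory"
    fi
    hits=$(list_world_writable "$1")
    if [ -n "$hits" ]; then
        echo "world-writable entries:"
        echo "$hits"
        return 1
    fi
    echo "no world-writable entries found"
    return 0
}
```

Run it again after applying `chmod -R o-w` to confirm the prefix reports no world-writable entries.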
📡 Detection & Monitoring
Log Indicators:
- Unexpected root privilege escalation events
- File permission changes in Miniconda directories
- Execution of scripts from world-writable directories with root privileges
Network Indicators:
- None - this is a local attack
SIEM Query:
process where parent_process_name contains "installer" and (process_name contains "sh" or process_name contains "bash") and process_path contains "miniconda" and user contains "root"