CVE-2024-54463
📋 TL;DR
This macOS vulnerability allows malicious applications to access removable storage devices (like USB drives) without user permission. It affects macOS systems before Sequoia 15, potentially exposing sensitive data on connected external media.
💻 Affected Systems
- macOS
📦 What is this software?
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
A malicious app could exfiltrate sensitive data from connected USB drives, external hard drives, or other removable media without user knowledge or consent.
Likely Case
Malware or compromised applications could access and steal data from connected removable storage devices.
If Mitigated
With proper app vetting and security controls, risk is limited to untrusted applications gaining unauthorized data access.
🎯 Exploit Status
Exploitation requires the user to install and run a malicious application. No authentication bypass is needed beyond app execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Sequoia 15
Vendor Advisory: https://support.apple.com/en-us/121238
Restart Required: Yes
Instructions:
1. Open System Settings
2. Click General
3. Click Software Update
4. Install macOS Sequoia 15 update
5. Restart when prompted
🔧 Temporary Workarounds
Restrict App Installation
Only install applications from trusted sources like the Mac App Store or identified developers.
Disconnect Unused Removable Media
Physically disconnect USB drives and other removable media when not in use.
🧯 If You Can't Patch
- Implement application allowlisting to prevent untrusted applications from running
- Use endpoint protection software that monitors for suspicious file access patterns
🔍 How to Verify
Check if Vulnerable:
Check the macOS version. If it is earlier than 15.0, the system is vulnerable.
Check Version:
sw_vers
Verify Fix Applied:
Verify macOS version is 15.0 or later after update.
📡 Detection & Monitoring
Log Indicators:
- Unusual volume mount events from non-system applications
- File access patterns from applications to removable media
Network Indicators:
- Unexpected outbound data transfers following removable media access
SIEM Query:
process_name:* AND event_type:file_access AND target_path:/Volumes/*
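Added example (not part of the original advisory or any vendor tooling): the log and network indicators above written as detection logic in Python and run over constructed events. The field names process_name, event_type and target_path come from the SIEM query; ts, process_path, bytes_out, the network_out event type, the system-path prefixes and the five-minute window are assumptions.

```python
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Assumption: binaries under these prefixes count as "system"; tune per fleet.
SYSTEM_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/sbin/")
WINDOW = timedelta(minutes=5)  # assumed correlation window

def ev(ts, event_type, process_path, target_path="", bytes_out=0):
    """Build one event in the assumed schema."""
    return {"ts": datetime.fromisoformat(ts), "event_type": event_type,
            "process_name": process_path.rsplit("/", 1)[-1],
            "process_path": process_path, "target_path": target_path,
            "bytes_out": bytes_out}

# Constructed sample events, not real telemetry. PhotoTool and SyncHelper
# are hypothetical application names.
FINDER = "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder"
PHOTO = "/Applications/PhotoTool.app/Contents/MacOS/PhotoTool"
SYNC = "/Users/alice/Downloads/SyncHelper"
EVENTS = [
    ev("2024-10-01T10:00:00", "file_access", FINDER, "/Volumes/USB/report.docx"),
    ev("2024-10-01T10:01:00", "file_access", PHOTO, "/Volumes/USB/finance/q3.xlsx"),
    ev("2024-10-01T10:02:30", "network_out", PHOTO, bytes_out=48_000_000),
    ev("2024-10-01T10:03:00", "file_access", PHOTO, "/Users/alice/Pictures/a.jpg"),
    ev("2024-10-01T10:10:00", "file_access", SYNC, "/Volumes/USB/notes.txt"),
]

def removable_media_hits(events):
    """The page's SIEM query plus a filter that drops system binaries."""
    return [e for e in events
            if e["event_type"] == "file_access"
            and fnmatchcase(e["target_path"], "/Volumes/*")
            and not e["process_path"].startswith(SYSTEM_PREFIXES)]

def correlate(events, window=WINDOW):
    """Raise severity when the same binary sends data out within the window."""
    findings = []
    for hit in removable_media_hits(events):
        sent = sum(e["bytes_out"] for e in events
                   if e["event_type"] == "network_out"
                   and e["process_path"] == hit["process_path"]
                   and hit["ts"] <= e["ts"] <= hit["ts"] + window)
        findings.append({"process_name": hit["process_name"],
                         "target_path": hit["target_path"], "bytes_out": sent,
                         "severity": "high" if sent else "medium"})
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

/Volumes also holds mounted disk images, network shares and a link to the boot volume, so a production rule needs to narrow the match to removable devices.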