CVE-2024-54468

8.2 HIGH

📋 TL;DR

This CVE describes a sandbox escape vulnerability in Apple operating systems where a malicious app could potentially break out of its security sandbox. This affects macOS, iOS, iPadOS, tvOS, and watchOS users running vulnerable versions. Successful exploitation could allow an app to access resources or perform actions beyond its intended permissions.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions prior to macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations of affected Apple operating systems are vulnerable. The vulnerability affects the sandboxing mechanism that isolates apps from each other and the system.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious app could gain elevated privileges, access sensitive user data, modify system files, or install persistent malware with system-level access.

🟠

Likely Case

An app could access files or resources outside its sandbox boundaries, potentially reading sensitive user data or performing unauthorized actions.

🟢

If Mitigated

With proper app vetting and security controls, the risk is limited to apps that have already passed through Apple's review process, though sideloaded or enterprise-signed apps could still pose a threat.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target device. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2

Vendor Advisory: https://support.apple.com/en-us/121837

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences.
2. Navigate to General > Software Update.
3. Download and install the latest available update for your device.
4. Restart your device when prompted.

🔧 Temporary Workarounds

Restrict App Installation Sources

all

Only install apps from the official App Store or trusted enterprise sources to reduce the attack surface.

Enable App Sandboxing Enforcement

macOS

Ensure Gatekeeper assessment is enabled on macOS so that only signed and notarized apps are allowed to launch. Note that the spctl commands below control Gatekeeper, not the App Sandbox itself: the sandbox is applied per app through its entitlements and has no global on/off switch, so this workaround limits exposure to untrusted apps rather than strengthening the sandbox.

sudo spctl --master-enable
sudo spctl --enable

🧯 If You Can't Patch

  • Implement strict application allowlisting to only permit trusted, essential applications
  • Deploy endpoint detection and response (EDR) solutions to monitor for sandbox escape attempts

🔍 How to Verify

Check if Vulnerable:

Check your device's operating system version against the patched versions listed in the affected systems section.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings > General > About > Version
  • tvOS: Settings > General > About > Version
  • watchOS: Settings > General > About > Version

Verify Fix Applied:

Verify that your device is running one of the patched versions listed in the Official Fix section.
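The macOS version check above, as an added example script that is not part of the advisory: it compares the version reported by sw_vers against the fixed release for each supported major (Ventura 13.7.2, Sonoma 14.7.2, Sequoia 15.2), treating majors below 13 as unpatched and majors above 15 as carrying the fix (an assumption, since later releases build on 15.2).

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a macOS product
# version is at or above the release that fixes CVE-2024-54468.

# vercmp A B: exit 0 if dotted version A >= B, comparing the first three
# components; ".0.0" is appended so short versions like "15.2" parse cleanly.
vercmp() {
    a="$1.0.0" b="$2.0.0" i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# is_patched VERSION: exit 0 if VERSION includes the fix, 1 otherwise.
# Fixed releases per the advisory: 13.7.2, 14.7.2, 15.2. Majors above 15
# are assumed patched; anything older than Ventura is treated as unpatched.
is_patched() {
    v="$1"
    major=$(printf '%s\n' "$v" | cut -d. -f1)
    case "$major" in
        13) vercmp "$v" 13.7.2 ;;
        14) vercmp "$v" 14.7.2 ;;
        15) vercmp "$v" 15.2 ;;
        *)  [ "$major" -gt 15 ] 2>/dev/null ;;
    esac
}

# check_host [FALLBACK]: read the live version on macOS, otherwise use the
# constructed FALLBACK value so the script also runs on other systems.
check_host() {
    if command -v sw_vers >/dev/null 2>&1; then
        v=$(sw_vers -productVersion)
    else
        v="$1"
    fi
    if is_patched "$v"; then
        echo "macOS $v: patched against CVE-2024-54468"
    else
        echo "macOS $v: VULNERABLE, update via Software Update"
    fi
}

check_host "14.7.1"   # constructed sample; reports VULNERABLE off-macOS
```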

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawning from sandboxed applications
  • File access violations outside app containers
  • System call violations in security logs

Network Indicators:

  • Unexpected network connections from sandboxed applications
  • Attempts to access restricted network resources

SIEM Query:

(process.parent.name: "sandboxed_app" AND process.name: "system_process") OR (file.path: "/System/*" AND process.name: "sandboxed_app")

The values sandboxed_app and system_process are placeholders; replace them with the actual process names in your environment, and keep the parentheses so the AND clauses are evaluated before the OR.
