Login Sign Up

CVE-2024-54471

5.5 MEDIUM

📋 TL;DR

A macOS vulnerability allows malicious applications to bypass entitlement checks and potentially leak user credentials. This affects macOS Ventura and Sonoma users who run untrusted applications. The issue stems from insufficient access controls in system components.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Ventura before 13.7.1, macOS Sonoma before 14.7.1
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user to install and run malicious application. Not exploitable remotely without user interaction.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious application steals stored passwords, authentication tokens, or keychain items without user interaction.

🟠

Likely Case

Malicious app disguised as legitimate software extracts limited credential information when user grants some permissions.

🟢

If Mitigated

Only apps from trusted sources are installed, limiting exposure to credential theft attempts.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to install malicious application. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.7.1, macOS Sonoma 14.7.1

Vendor Advisory: https://support.apple.com/en-us/121568

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update. 2. Install available updates. 3. Restart when prompted.

🔧 Temporary Workarounds

Restrict App Installation Sources

all

Only allow apps from App Store and identified developers

sudo spctl --master-enable
sudo spctl --enable

🧯 If You Can't Patch

  • Only install applications from trusted sources like the Mac App Store
  • Use application sandboxing tools to restrict untrusted applications

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 13.7.1 or later for Ventura, or 14.7.1 or later for Sonoma

📡 Detection & Monitoring

Log Indicators:

  • Unusual entitlement requests in system logs
  • Multiple failed authorization attempts

Network Indicators:

  • None - local exploitation only

SIEM Query:

process where (parent.process.name contains "install" or parent.process.name contains "launch") and process.name not in approved_apps_list

📊 Metadata

CVE ID: CVE-2024-54471
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-522
Published: December 12, 2024
Last Updated: March 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-54471, you might also want to check these:

CVE-2024-51545 10.0

This CVE describes a username enumeration vulnerability in ABB industrial control system products th...

Same vulnerability type (CWE-522)
CVE-2021-30116 10.0

CVE-2021-30116 is an authentication bypass vulnerability in Kaseya VSA that allows unauthenticated a...

Same vulnerability type (CWE-522)
CVE-2025-0867 9.9

This vulnerability allows standard users to execute commands with administrative privileges through ...

Same vulnerability type (CWE-522)