CVE-2024-54547 – This vulnerability in macOS allows applications... (How to Fix)

Q: What is the severity of CVE-2024-54547?

CVE-2024-54547 has a CVSS score of 5.5 (MEDIUM). This vulnerability in macOS allows applications to bypass security checks and access protected user data they shouldn't have permission to view. It affects macOS Ventura, Sonoma, and Sequoia users who haven't applied the latest security updates. The issue could expose sensitive information like passwords, documents, or personal data to malicious applications.

📋 TL;DR

This vulnerability in macOS allows applications to bypass security checks and access protected user data they shouldn't have permission to view. It affects macOS Ventura, Sonoma, and Sequoia users who haven't applied the latest security updates. The issue could expose sensitive information like passwords, documents, or personal data to malicious applications.

💻 Affected Systems

Products:

macOS

Versions: macOS Ventura (before 13.7.2), macOS Sonoma (before 14.7.2), macOS Sequoia (before 15.2)

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All standard macOS installations running affected versions are vulnerable. The vulnerability affects the core operating system security mechanisms.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious application could access and exfiltrate sensitive user data including passwords, financial information, personal documents, and authentication tokens, leading to identity theft, financial loss, or further system compromise.

🟠

Likely Case

Malicious applications in the App Store or downloaded from untrusted sources could access user data they're not authorized to see, potentially exposing personal information, browsing history, or local files.

🟢

If Mitigated

With proper application sandboxing, least privilege principles, and user vigilance about app permissions, the impact is limited to data the user has already granted some level of access to.

🌐 Internet-Facing: LOW - This vulnerability requires local application execution and doesn't directly expose services to remote attackers.

🏢 Internal Only: MEDIUM - Malicious applications could be installed by users or through social engineering, potentially exposing sensitive data on affected macOS systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires a malicious application to be installed and executed on the target system. The vulnerability bypasses security checks rather than providing direct remote access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Ventura 13.7.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2

Vendor Advisory: https://support.apple.com/en-us/121839

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update. 2. Click 'Update Now' if updates are available. 3. Follow on-screen instructions to download and install. 4. Restart your Mac when prompted.

🔧 Temporary Workarounds

Application Sandboxing Enforcement

all

Ensure all applications run with appropriate sandboxing and only grant necessary permissions

Gatekeeper Settings

all

Configure Gatekeeper to only allow apps from the App Store and identified developers

sudo spctl --master-enable
sudo spctl --enable

🧯 If You Can't Patch

Restrict installation of new applications to only trusted sources and verified developers
Implement application allowlisting to prevent execution of unauthorized or unknown applications

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About. If version is Ventura <13.7.2, Sonoma <14.7.2, or Sequoia <15.2, system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

After updating, verify macOS version shows Ventura 13.7.2, Sonoma 14.7.2, or Sequoia 15.2 or later in System Settings > General > About.

📡 Detection & Monitoring

Log Indicators:

Unusual application access to protected directories
Security framework denials followed by successful access
Console logs showing sandbox violations

Network Indicators:

Unexpected outbound connections from applications accessing sensitive data

SIEM Query:

source="macos" (event_type="sandbox_violation" OR event_type="file_access") AND (target_path CONTAINS "/Library/Keychains/" OR target_path CONTAINS "/Users/*/Library/")

📊 Metadata

CVE ID: CVE-2024-54547

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-200

EPSS Score: 0.06% exploit probability (18.8th percentile)

Published: January 27, 2025

Last Updated: April 4, 2025

🔗 References

https://support.apple.com/en-us/121839 Release Notes,Vendor Advisory
https://support.apple.com/en-us/121840 Release Notes,Vendor Advisory
https://support.apple.com/en-us/121842 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-54547, you might also want to check these: