CVE-2024-54550
📋 TL;DR
This vulnerability allows applications to access autocompleted contact information from Messages and Mail that appears in system logs. It affects macOS, iOS, and iPadOS users who haven't updated to the latest versions. The issue involves improper redaction of sensitive data in system logs.
💻 Affected Systems
- macOS
- iOS
- iPadOS
📦 What is this software?
iPadOS by Apple
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
Malicious apps could harvest contact information including names, email addresses, and phone numbers from system logs, potentially enabling targeted phishing or social engineering attacks.
Likely Case
Apps with legitimate system log access could inadvertently or intentionally collect contact information that users expected to remain private.
If Mitigated
With proper app sandboxing and security controls, only apps with specific entitlements could access this data, limiting exposure.
🎯 Exploit Status
Exploitation requires a malicious app to be installed on the device with appropriate permissions to access system logs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2
Vendor Advisory: https://support.apple.com/en-us/121837
Restart Required: Yes
Instructions:
1. Open Settings/System Preferences.
2. Navigate to Software Update.
3. Install macOS Sequoia 15.2, iOS 18.2, or iPadOS 18.2.
4. Restart the device after installation completes.
🔧 Temporary Workarounds
Disable autocomplete in Messages and Mail
All platforms: turn off contact autocomplete features to prevent sensitive data from appearing in logs
Restrict app permissions
All platforms: review and restrict app permissions, especially for apps that don't need system log access
🧯 If You Can't Patch
- Implement strict app vetting and installation policies to prevent malicious apps from accessing the device
- Enable full disk encryption and use mobile device management (MDM) solutions to enforce security policies
🔍 How to Verify
Check if Vulnerable:
Check your macOS/iOS/iPadOS version in Settings > General > About. If the version is earlier than macOS Sequoia 15.2, iOS 18.2, or iPadOS 18.2, you are vulnerable.
Check Version:
On macOS: sw_vers. On iOS/iPadOS: Check in Settings > General > About > Version.
Verify Fix Applied:
After updating, verify the version shows macOS Sequoia 15.2, iOS 18.2, or iPadOS 18.2 in Settings > General > About.
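The version check above as a script, for running across many machines. This is an added example, not part of the vendor advisory. The function names are hypothetical, and the thresholds (15.2 and 18.2) are the patch versions listed on this page. Versions are compared component by component as integers, because a plain string comparison would rank 15.10 below 15.2.

```shell
#!/bin/sh
# Added example (not from the vendor advisory): classify an OS version
# against the fixed releases listed on this page for CVE-2024-54550.

# version_lt A B: succeeds (exit 0) when dotted version A is older than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}              # leading component of each
        [ "$a" = "$x" ] && a= || a=${a#*.}  # drop it from the remainder
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}                # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                # equal, so not older
}

# check_patched PLATFORM VERSION: prints patched, vulnerable or unknown.
check_patched() {
    case $1 in
        macos)      fixed=15.2 ;;           # macOS Sequoia 15.2 (from this page)
        ios|ipados) fixed=18.2 ;;           # iOS 18.2 / iPadOS 18.2 (from this page)
        *)          echo unknown; return 2 ;;
    esac
    case $2 in
        ''|*[!0-9.]*) echo unknown; return 2 ;;  # refuse anything non-numeric
    esac
    if version_lt "$2" "$fixed"; then
        echo vulnerable; return 1
    fi
    echo patched
}

# On a Mac, check the local machine; sw_vers does not exist elsewhere.
if command -v sw_vers >/dev/null 2>&1; then
    check_patched macos "$(sw_vers -productVersion)" || true
fi
```

For iOS and iPadOS devices, pass the version string reported by your MDM inventory, for example `check_patched ios 18.1.1`.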
📡 Detection & Monitoring
Log Indicators:
- Unusual access to system logs by applications
- Patterns of log access coinciding with Messages/Mail usage
Network Indicators:
- None - this is a local information disclosure vulnerability
SIEM Query:
process.name:("log" OR "syslog") AND event.action:"read" AND NOT user.id:"root" AND target.file.path:"/var/log/*"