CVE-2024-54564
📋 TL;DR
This vulnerability allows files received via AirDrop to bypass macOS/iOS quarantine flagging, which normally warns users about potentially unsafe files. Attackers could deliver malicious files that appear safer than they actually are. Affects Apple users receiving files via AirDrop on vulnerable macOS, iOS, iPadOS, and visionOS versions.
💻 Affected Systems
- macOS
- iOS
- iPadOS
- visionOS
📦 What is this software?
iPadOS by Apple
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
Malicious files execute without user warnings, leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Users inadvertently open malicious files thinking they're safe, leading to malware infection or data exfiltration.
If Mitigated
Users exercise caution with all AirDrop files regardless of warnings, limiting successful attacks.
🎯 Exploit Status
Requires the attacker to be within AirDrop range and the target to accept the file transfer.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: visionOS 1.3, macOS Sonoma 14.6, iOS 17.6, iPadOS 17.6
Vendor Advisory: https://support.apple.com/en-us/120909
Restart Required: Yes
Instructions:
1. Open Settings/System Preferences.
2. Go to General > Software Update.
3. Install available updates.
4. Restart device when prompted.
🔧 Temporary Workarounds
Disable AirDrop
Prevent file transfers via AirDrop entirely
On macOS: Open Finder > AirDrop > Click 'Allow me to be discovered by:' > Select 'No One'
On iOS/iPadOS: Open Control Center > Long press network settings > Tap AirDrop > Select 'Receiving Off'
Set AirDrop to Contacts Only
Limit AirDrop to known contacts only
On macOS: Open Finder > AirDrop > Click 'Allow me to be discovered by:' > Select 'Contacts Only'
On iOS/iPadOS: Open Control Center > Long press network settings > Tap AirDrop > Select 'Contacts Only'
🧯 If You Can't Patch
- Disable AirDrop or set it to 'Contacts Only' mode
- Educate users to manually quarantine suspicious files on macOS: 'xattr -w com.apple.quarantine <value> <file>'
🔍 How to Verify
Check if Vulnerable:
Check system version against affected versions list
Check Version:
On macOS: 'sw_vers -productVersion', On iOS/iPadOS: Settings > General > About > Version
Verify Fix Applied:
Confirm system is running visionOS 1.3+, macOS Sonoma 14.6+, iOS 17.6+, or iPadOS 17.6+
📡 Detection & Monitoring
Log Indicators:
- AirDrop file transfers in system logs
- Files executing without quarantine warnings
Network Indicators:
- AirDrop protocol traffic (AWDL interface)
SIEM Query:
source="apple_system_logs" AND "AirDrop" AND "receive"
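The version check and the missing-quarantine indicator described above can be scripted for macOS triage. The following is an added example, not part of the original advisory or Apple's tooling; the function names are hypothetical, and the default scan directory (~/Downloads) is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory). Fixed releases are the ones the page lists.

# Return 0 when dotted version $1 >= $2 (numeric per component, missing = 0).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print the first fixed release for a product, per the page's "Patch Version" line.
fixed_version() {
    case $1 in
        macOS)      echo 14.6 ;;
        iOS|iPadOS) echo 17.6 ;;
        visionOS)   echo 1.3 ;;
        *)          return 2 ;;   # product not covered by the page
    esac
}

# is_patched PRODUCT VERSION: 0 = at or above the fix, 1 = below, 2 = unknown product.
is_patched() {
    fixed=$(fixed_version "$1") || return 2
    version_ge "$2" "$fixed"
}

# List regular files directly under $1 that lack com.apple.quarantine (macOS xattr).
# Absence is normal for locally created files, so treat hits as triage input only.
list_unquarantined() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        xattr -p com.apple.quarantine "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
}

# Run the host check only where sw_vers exists (macOS). Directory is an assumption.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    if is_patched macOS "$v"; then echo "macOS $v: at or above 14.6"
    else echo "macOS $v: below 14.6, install the update"; fi
    list_unquarantined "${1:-$HOME/Downloads}"
fi
```

The comparison is numeric per component, so 14.10 sorts above 14.6. The page names only the fixed releases, so a macOS version below 14.6 is reported as needing the update.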