CVE-2024-54468
Published: 27 January 2025
Summary
CVE-2024-54468 is a high-severity an unspecified weakness vulnerability in Apple Macos. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for access to system resources, directly preventing apps from breaking out of sandbox boundaries due to failed checks.
Maintains separate execution domains for processes, mitigating sandbox escape by isolating malicious apps from unauthorized system resources.
Implements a tamperproof reference monitor to mediate and enforce sandbox access control policies that were insufficient in this vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Sandbox escape directly enables exploitation for privilege escalation by allowing an unprivileged app to bypass OS restrictions and access protected resources.
NVD Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out…
more
of its sandbox.
Deeper analysisAI
CVE-2024-54468 is a sandbox escape vulnerability affecting multiple Apple operating systems, including iOS prior to version 18.2, iPadOS prior to 18.2 or 17.7.3, macOS Sequoia prior to 15.2, macOS Sonoma prior to 14.7.2, macOS Ventura prior to 13.7.2, tvOS prior to 18.2, and watchOS prior to 11.2. The flaw enables an app to break out of its designated sandbox boundaries, and it was addressed by Apple through improved checks. The vulnerability carries a CVSS v3.1 base score of 8.2 (High), with vector AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N.
Exploitation requires local access to the device, low attack complexity, and user interaction, such as executing a malicious app, with no prior privileges needed. An attacker could leverage this to escape the app's sandbox, achieving high impacts on confidentiality and integrity across a changed scope, potentially allowing unauthorized access to sensitive data or modification of protected resources.
Apple's security advisories, detailed in support documents such as https://support.apple.com/en-us/121837 and related pages, confirm the issue is fixed in the specified versions of iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, and watchOS 11.2. Mitigation requires applying these updates promptly to prevent exploitation.
Details
- CWE(s)