CVE-2024-54537
Published: 27 January 2025
Summary
CVE-2024-54537 is a high-severity vulnerability (weakness type unspecified) in Apple macOS. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 22.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Enforces entitlement checks and approved authorizations to prevent apps from reading or writing files outside their sandbox boundaries.
- Maintains separate execution domains for apps to isolate them within sandbox confines, blocking unauthorized file access.
- Implements a reference monitor to mediate and enforce sandbox access control policies against escape attempts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Sandbox escape via entitlement bypass directly enables privilege escalation (T1068) and abuse of macOS elevation controls (T1548).
NVD Description
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox.
Deeper analysis
CVE-2024-54537 is a sandbox escape vulnerability affecting macOS systems, where a malicious app can read and write files outside of its designated sandbox. The issue impacts macOS versions prior to Sequoia 15.2, Sonoma 14.7.2, and Ventura 13.7.2. It was addressed by Apple through additional entitlement checks to enforce proper sandbox boundaries.
The vulnerability has a CVSS v3.1 base score of 8.2 (High), with local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). A local attacker can exploit it by tricking a user into running a malicious app, achieving high confidentiality and integrity impacts (C:H/I:H) with changed scope (S:C) but no availability impact (A:N). Successful exploitation allows the app to access and modify sensitive files beyond its sandbox restrictions.
Apple's security advisories confirm the fix in macOS Sequoia 15.2, Sonoma 14.7.2, and Ventura 13.7.2 via enhanced entitlement checks. Relevant updates are detailed in support documents at https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121840, and https://support.apple.com/en-us/121842, recommending immediate patching for affected systems.
Details
- CWE(s)