CVE-2024-54557
Published: 27 January 2025
Summary
CVE-2024-54557 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Apple Macos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 30.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for logical access to information and system resources, directly countering the logic flaw enabling unauthorized file system access.
Requires timely identification, reporting, and remediation of flaws like this macOS logic issue through vendor patches to versions 15.2, 14.7.2, or 13.7.2.
Implements a reference monitor to mediate all access control decisions, addressing the improper enforcement of restrictions on protected file system areas.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability directly enables remote unauthorized reads of protected local file system data (CWE-281 access control bypass), mapping to T1005 Data from Local System.
NVD Description
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.
Deeper analysisAI
CVE-2024-54557 is a logic issue in macOS that was addressed through improved restrictions, enabling unauthorized access to protected parts of the file system. The vulnerability affects macOS Sequoia prior to version 15.2, macOS Sonoma prior to 14.7.2, and macOS Ventura prior to 13.7.2. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact from a network-accessible attack with low complexity and no privileges or user interaction required. The issue is associated with CWE-281 (Improper Enforcement of Access Control).
A remote, unauthenticated attacker can exploit this vulnerability over the network without user interaction to read sensitive data from protected file system areas. The unchanged scope and lack of integrity or availability impact suggest the primary risk is data exposure rather than system compromise or disruption.
Apple security advisories recommend updating to macOS Sequoia 15.2, macOS Sonoma 14.7.2, or macOS Ventura 13.7.2, where the logic issue is fixed via enhanced restrictions. Additional details are available in Apple's support documents at https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121840, and https://support.apple.com/en-us/121842.
Details
- CWE(s)