CVE-2024-54529

Published: Dec 12, 2024Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

Affected (3)

Products: Apple: Macos

Apple

1 product

Macos

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	From 13.0 to 13.7.2
Apple Macos	From 14.0 to 14.7.2
Apple Macos	From 15.0 to 15.2

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (5)

https://support.apple.com/en-us/121839

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/121840

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/121842

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2024/Dec/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2024/Dec/9

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.