Vulnerability-Lookup

CVE-2024-54557 (GCVE-0-2024-54557)

Vulnerability from cvelistv5 – Published: 2025-01-27 21:45 – Updated: 2026-04-02 18:09

Summary

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

An attacker may gain access to protected parts of the file system

Assigner

apple

References

3 references

URL	Tags
https://support.apple.com/en-us/121839
https://support.apple.com/en-us/121840
https://support.apple.com/en-us/121842

Impacted products

1 product

Vendor	Product	Version
Apple	macOS	Affected: 0 , < 13.7.2 (custom) Affected: 0 , < 14.7.2 (custom) Affected: 0 , < 15.2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-54557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-31T19:42:01.321749Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-281",
                "description": "CWE-281 Improper Preservation of Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-31T21:33:02.376Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker may gain access to protected parts of the file system",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:09:30.456Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121839"
        },
        {
          "url": "https://support.apple.com/en-us/121840"
        },
        {
          "url": "https://support.apple.com/en-us/121842"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-54557",
    "datePublished": "2025-01-27T21:45:30.893Z",
    "dateReserved": "2024-12-03T22:50:35.515Z",
    "dateUpdated": "2026-04-02T18:09:30.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-54557",
      "date": "2026-05-16",
      "epss": "0.00118",
      "percentile": "0.30196"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-54557\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-01-27T22:15:14.670\",\"lastModified\":\"2026-04-02T19:18:54.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de l\u00f3gica con restricciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.7.2, macOS Sequoia 15.2 y macOS Ventura 13.7.2. Un atacante puede obtener acceso a partes protegidas del archivo sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-281\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.7.2\",\"matchCriteriaId\":\"0E37694D-5783-4112-B372-5915C231512F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.7.2\",\"matchCriteriaId\":\"617CA14A-5EA4-4112-A564-DB1A5109A066\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"A29E5D37-B333-4B43-9E4A-012CDD2C406D\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/121839\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/121840\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/121842\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-54557\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-31T19:42:01.321749Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-281\", \"description\": \"CWE-281 Improper Preservation of Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-31T19:42:02.749Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"13.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.7\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/121839\"}, {\"url\": \"https://support.apple.com/en-us/121842\"}, {\"url\": \"https://support.apple.com/en-us/121840\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"An attacker may gain access to protected parts of the file system\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2025-01-27T21:45:30.893Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-54557\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-31T21:33:02.376Z\", \"dateReserved\": \"2024-12-03T22:50:35.515Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2025-01-27T21:45:30.893Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2024-3692

Vulnerability from csaf_certbund - Published: 2024-12-11 23:00 - Updated: 2025-03-24 23:00

Summary

Apple macOS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Man-in-the-Middle-Angriff durchzuführen.

Betroffene Betriebssysteme: - MacOS X

CVE-2023-32395

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44201

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44220

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44224

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44225

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44243

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44245

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44246

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44248

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44291

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-44300

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-45490

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54465

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54466

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54468

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54474

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54475

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54476

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54477

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54479

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54484

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54486

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54488

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54489

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54490

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54491

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54492

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54493

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54494

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54495

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54498

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54499

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54500

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54501

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54502

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54504

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54505

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54506

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54507

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54508

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54510

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54513

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54514

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54515

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54516

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54517

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54518

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54519

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54520

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54522

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54523

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54524

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54525

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54526

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54527

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54528

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54529

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54530

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54531

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54534

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54536

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54537

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54539

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54541

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54542

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54547

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54549

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54550

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54557

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54559

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

CVE-2024-54565

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS <14.7.2 Apple / macOS		<14.7.2
Apple macOS <15.2 Apple / macOS		<15.2
Apple macOS <13.7.2 Apple / macOS		<13.7.2

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lists.apple.com/archives/security-announc…	external
https://lists.apple.com/archives/security-announc…	external
https://lists.apple.com/archives/security-announc…	external
https://jhftss.github.io/CVE-2024-54527-MediaLibr…	external
https://cybersecuritynews.com/macos-sandbox-vulne…	external
https://github.com/koreacsl/SysBumps	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen, Sicherheitsma\u00dfnahmen zu umgehen oder einen Man-in-the-Middle-Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3692 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3692.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3692 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3692"
      },
      {
        "category": "external",
        "summary": "Apple Security Announce vom 2024-12-11",
        "url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00002.html"
      },
      {
        "category": "external",
        "summary": "Apple Security Announce vom 2024-12-11",
        "url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00003.html"
      },
      {
        "category": "external",
        "summary": "Apple Security Announce vom 2024-12-11",
        "url": "https://lists.apple.com/archives/security-announce/2024/Dec/msg00004.html"
      },
      {
        "category": "external",
        "summary": "Mickey\u0027s Blogs vom 2025-01-08",
        "url": "https://jhftss.github.io/CVE-2024-54527-MediaLibraryService-Full-TCC-Bypass/"
      },
      {
        "category": "external",
        "summary": "Cyber Security News vom 2025-01-12",
        "url": "https://cybersecuritynews.com/macos-sandbox-vulnerability-cve-2024-54498-poc-exploit-released/"
      },
      {
        "category": "external",
        "summary": "PoC auf GitHub vom 2025-01-12",
        "url": "https://github.com/koreacsl/SysBumps"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-03-24T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-25T12:32:48.191+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-3692",
      "initial_release_date": "2024-12-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-08T23:00:00.000+00:00",
          "number": "2",
          "summary": "PoC aufgenommen"
        },
        {
          "date": "2025-01-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "weiterer PoC aufgenommen"
        },
        {
          "date": "2025-02-12T23:00:00.000+00:00",
          "number": "4",
          "summary": "weiteren PoC aufgenommen"
        },
        {
          "date": "2025-03-17T23:00:00.000+00:00",
          "number": "5",
          "summary": "CVE\u0027s erg\u00e4nzt"
        },
        {
          "date": "2025-03-24T23:00:00.000+00:00",
          "number": "6",
          "summary": "CVE-Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c15.2",
                "product": {
                  "name": "Apple macOS \u003c15.2",
                  "product_id": "T039820"
                }
              },
              {
                "category": "product_version",
                "name": "15.2",
                "product": {
                  "name": "Apple macOS 15.2",
                  "product_id": "T039820-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:15.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14.7.2",
                "product": {
                  "name": "Apple macOS \u003c14.7.2",
                  "product_id": "T039821"
                }
              },
              {
                "category": "product_version",
                "name": "14.7.2",
                "product": {
                  "name": "Apple macOS 14.7.2",
                  "product_id": "T039821-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:14.7.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.7.2",
                "product": {
                  "name": "Apple macOS \u003c13.7.2",
                  "product_id": "T039822"
                }
              },
              {
                "category": "product_version",
                "name": "13.7.2",
                "product": {
                  "name": "Apple macOS 13.7.2",
                  "product_id": "T039822-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:13.7.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "macOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-32395",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2023-32395"
    },
    {
      "cve": "CVE-2024-44201",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44201"
    },
    {
      "cve": "CVE-2024-44220",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44220"
    },
    {
      "cve": "CVE-2024-44224",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44224"
    },
    {
      "cve": "CVE-2024-44225",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44225"
    },
    {
      "cve": "CVE-2024-44243",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44243"
    },
    {
      "cve": "CVE-2024-44245",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44245"
    },
    {
      "cve": "CVE-2024-44246",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44246"
    },
    {
      "cve": "CVE-2024-44248",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44248"
    },
    {
      "cve": "CVE-2024-44291",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44291"
    },
    {
      "cve": "CVE-2024-44300",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-44300"
    },
    {
      "cve": "CVE-2024-45490",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-45490"
    },
    {
      "cve": "CVE-2024-54465",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54465"
    },
    {
      "cve": "CVE-2024-54466",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54466"
    },
    {
      "cve": "CVE-2024-54468",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54468"
    },
    {
      "cve": "CVE-2024-54474",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54474"
    },
    {
      "cve": "CVE-2024-54475",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54475"
    },
    {
      "cve": "CVE-2024-54476",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54476"
    },
    {
      "cve": "CVE-2024-54477",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54477"
    },
    {
      "cve": "CVE-2024-54479",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54479"
    },
    {
      "cve": "CVE-2024-54484",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54484"
    },
    {
      "cve": "CVE-2024-54486",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54486"
    },
    {
      "cve": "CVE-2024-54488",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54488"
    },
    {
      "cve": "CVE-2024-54489",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54489"
    },
    {
      "cve": "CVE-2024-54490",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54490"
    },
    {
      "cve": "CVE-2024-54491",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54491"
    },
    {
      "cve": "CVE-2024-54492",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54492"
    },
    {
      "cve": "CVE-2024-54493",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54493"
    },
    {
      "cve": "CVE-2024-54494",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54494"
    },
    {
      "cve": "CVE-2024-54495",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54495"
    },
    {
      "cve": "CVE-2024-54498",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54498"
    },
    {
      "cve": "CVE-2024-54499",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54499"
    },
    {
      "cve": "CVE-2024-54500",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54500"
    },
    {
      "cve": "CVE-2024-54501",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54501"
    },
    {
      "cve": "CVE-2024-54502",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54502"
    },
    {
      "cve": "CVE-2024-54504",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54504"
    },
    {
      "cve": "CVE-2024-54505",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54505"
    },
    {
      "cve": "CVE-2024-54506",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54506"
    },
    {
      "cve": "CVE-2024-54507",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54507"
    },
    {
      "cve": "CVE-2024-54508",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54508"
    },
    {
      "cve": "CVE-2024-54510",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54510"
    },
    {
      "cve": "CVE-2024-54513",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54513"
    },
    {
      "cve": "CVE-2024-54514",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54514"
    },
    {
      "cve": "CVE-2024-54515",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54515"
    },
    {
      "cve": "CVE-2024-54516",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54516"
    },
    {
      "cve": "CVE-2024-54517",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54517"
    },
    {
      "cve": "CVE-2024-54518",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54518"
    },
    {
      "cve": "CVE-2024-54519",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54519"
    },
    {
      "cve": "CVE-2024-54520",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54520"
    },
    {
      "cve": "CVE-2024-54522",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54522"
    },
    {
      "cve": "CVE-2024-54523",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54523"
    },
    {
      "cve": "CVE-2024-54524",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54524"
    },
    {
      "cve": "CVE-2024-54525",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54525"
    },
    {
      "cve": "CVE-2024-54526",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54526"
    },
    {
      "cve": "CVE-2024-54527",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54527"
    },
    {
      "cve": "CVE-2024-54528",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54528"
    },
    {
      "cve": "CVE-2024-54529",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54529"
    },
    {
      "cve": "CVE-2024-54530",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54530"
    },
    {
      "cve": "CVE-2024-54531",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54531"
    },
    {
      "cve": "CVE-2024-54534",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54534"
    },
    {
      "cve": "CVE-2024-54536",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54536"
    },
    {
      "cve": "CVE-2024-54537",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54537"
    },
    {
      "cve": "CVE-2024-54539",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54539"
    },
    {
      "cve": "CVE-2024-54541",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54541"
    },
    {
      "cve": "CVE-2024-54542",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54542"
    },
    {
      "cve": "CVE-2024-54547",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54547"
    },
    {
      "cve": "CVE-2024-54549",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54549"
    },
    {
      "cve": "CVE-2024-54550",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54550"
    },
    {
      "cve": "CVE-2024-54557",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54557"
    },
    {
      "cve": "CVE-2024-54559",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54559"
    },
    {
      "cve": "CVE-2024-54565",
      "product_status": {
        "known_affected": [
          "T039821",
          "T039820",
          "T039822"
        ]
      },
      "release_date": "2024-12-11T23:00:00.000+00:00",
      "title": "CVE-2024-54565"
    }
  ]
}

BDU:2025-01374

Vulnerability from fstec - Published: 27.01.2025

Title

Уязвимость компонента Restrictions Handler операционных систем MacOS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость компонента Restrictions Handler операционных систем MacOS связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vendor

Apple Inc.

Software Name

MacOS

Software Version

до Sequoia 15.2 (MacOS), до Sonoma 14.7.2 (MacOS), до Ventura 13.7.2 (MacOS)

Possible Mitigations

Использование рекомендаций производителя: https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842

Reference

https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Apple Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e Sequoia 15.2 (MacOS), \u0434\u043e Sonoma 14.7.2 (MacOS), \u0434\u043e Ventura 13.7.2 (MacOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.apple.com/en-us/121839\t\nhttps://support.apple.com/en-us/121840\t\nhttps://support.apple.com/en-us/121842",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.01.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.02.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-01374",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-54557",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "MacOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Apple Inc. MacOS \u0434\u043e Sequoia 15.2 , Apple Inc. MacOS \u0434\u043e Sonoma 14.7.2 , Apple Inc. MacOS \u0434\u043e Ventura 13.7.2 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Restrictions Handler \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c MacOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Restrictions Handler \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c MacOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.apple.com/en-us/121839\t\nhttps://support.apple.com/en-us/121840\t\nhttps://support.apple.com/en-us/121842",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

GHSA-Q965-9JFQ-2H9G

Vulnerability from github – Published: 2025-01-28 00:32 – Updated: 2025-01-30 18:32

Details

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-54557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-27T22:15:14Z",
    "severity": "HIGH"
  },
  "details": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.",
  "id": "GHSA-q965-9jfq-2h9g",
  "modified": "2025-01-30T18:32:05Z",
  "published": "2025-01-28T00:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54557"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121839"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121840"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121842"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-54557

Vulnerability from fkie_nvd - Published: 2025-01-27 22:15 - Updated: 2026-04-02 19:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/121839	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/121840	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/121842	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	macos	*
apple	macos	*
apple	macos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E37694D-5783-4112-B372-5915C231512F",
              "versionEndExcluding": "13.7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "617CA14A-5EA4-4112-A564-DB1A5109A066",
              "versionEndExcluding": "14.7.2",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29E5D37-B333-4B43-9E4A-012CDD2C406D",
              "versionEndExcluding": "15.2",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system."
    },
    {
      "lang": "es",
      "value": "Se solucion\u00f3 un problema de l\u00f3gica con restricciones mejoradas. Este problema se solucion\u00f3 en macOS Sonoma 14.7.2, macOS Sequoia 15.2 y macOS Ventura 13.7.2. Un atacante puede obtener acceso a partes protegidas del archivo sistema."
    }
  ],
  "id": "CVE-2024-54557",
  "lastModified": "2026-04-02T19:18:54.963",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-27T22:15:14.670",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121839"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121840"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121842"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-281"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-54557 (GCVE-0-2024-54557)

WID-SEC-W-2024-3692

BDU:2025-01374

GHSA-Q965-9JFQ-2H9G

FKIE_CVE-2024-54557

Tags

Sightings

Nomenclature