CVE-2024-54471

Published: Dic 12, 2024 Last Modified: Mar 20, 2025 EU-VD ID: EUVD-2024-52578
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0013
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

522

Insufficiently Protected Credentials

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
View CWE Details
Operating System

Macos by Apple

Product Information
Vendor Apple
Product Macos
Version Range Affected
From 14.0 (inclusive)
To 14.7.1 (exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Macos by Apple

Product Information
Vendor Apple
Product Macos
Version Range Affected
To 13.7.1 (exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://news.ycombinator.com/item?id=43425605
https://news.ycombinator.com/item?id=43425605
https://wts.dev/posts/password-leak/
https://wts.dev/posts/password-leak/
https://support.apple.com/en-us/121568
Vendor Advisory
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121570
Vendor Advisory
https://support.apple.com/en-us/121570