CVE-2024-54557

CVE-2024-54557 is a logic issue in macOS that was addressed through improved restrictions, enabling unauthorized access to protected parts of the file system. The vulnerability affects macOS Sequoia prior to version 15.2, macOS Sonoma prior to 14.7.2, and macOS Ventura prior to 13.7.2. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact from a network-accessible attack with low complexity and no privileges or user interaction required. The issue is associated with CWE-281 (Improper Enforcement of Access Control).

A remote, unauthenticated attacker can exploit this vulnerability over the network without user interaction to read sensitive data from protected file system areas. The unchanged scope and lack of integrity or availability impact suggest the primary risk is data exposure rather than system compromise or disruption.

Apple security advisories recommend updating to macOS Sequoia 15.2, macOS Sonoma 14.7.2, or macOS Ventura 13.7.2, where the logic issue is fixed via enhanced restrictions. Additional details are available in Apple's support documents at https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121840, and https://support.apple.com/en-us/121842.