AI description
CVE-2024-54471 is a vulnerability in macOS that could allow a malicious application to leak a user's credentials. It exploits inter-process communication (IPC) mechanisms within macOS, specifically the Mach kernel's messaging system. The vulnerability lies in the lack of sender verification in Mach Interface Generator (MIG) servers, potentially allowing unauthorized tasks to call routines and access sensitive information. The vulnerability was exploited through the NetAuthAgent daemon, which handles credentials for file servers. An attacker could send a message to NetAuthAgent to obtain credentials for any server. The issue has been addressed with additional entitlement checks and was fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1.
- Description
- This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.
- Source
- product-security@apple.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
به تازگی برای macOS آسیب پذیری با کد شناسایی CVE-2024-54471 منتشر شده است. هکرها با استفاده از این آسیب پذیری می توانند به پسوردهای سیستم دسترسی پیدا نمایند. برای پیشگیری و مقابله با این تهدید به نسخه macOS Sequoia 15.1 به روز رسانی نمایید. https://t.co/9yevFdDX3p
@cybernetic_cy
23 Mar 2025
46 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
TIL how a decades-old design decision in the Mach microkernel helped enable a recent macOS vulnerability (CVE-2024-54471). Let’s talk about Mach, macOS, and a juicy password-leaking bug. 🧵 https://t.co/Hz1o8NjZOo
@securedstacks
22 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-54471: Leaking Passwords (and More!) on macOS #HackerNews https://t.co/CwjqEH7ywj
@hackernewstop5
20 Mar 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-54471: Leaking Passwords (and More!) on macOS https://t.co/prLPGr8lSr 4
@cevaboyz
20 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
It's here. My write-up for CVE-2024-54471. Enjoy :) https://t.co/9yZIel9UVC
@wtsdev
20 Mar 2025
5056 Impressions
23 Retweets
66 Likes
33 Bookmarks
3 Replies
1 Quote
CVE-2024-54471 spoilers without context 👀 https://t.co/w87qljpWoo
@wtsdev
20 Mar 2025
188 Impressions
0 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-54471 This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to … https://t.co/m7DBol4vrI
@CVEnew
12 Dec 2024
203 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The CVE record for CVE-2024-54471 currently appears to only indicate it being fixed in macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. To be clear, as per Apple's own advisories, it was also fixed in macOS Sequoia 15.1. I've been told an update to the record is being worked on.
@wtsdev
12 Dec 2024
168 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012",
"versionEndExcluding": "13.7.1"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE",
"versionEndExcluding": "14.7.1",
"versionStartIncluding": "14.0"
}
],
"operator": "OR"
}
]
}
]