
PoC published for CVE-2024-54498 macOS sandbox escape patched in macOS Sequoia 15.2

2025 January 8
by RSS Feed

Apple device security nerds, unless they’ve been living under a rock, have probably heard about CVE-2024-54498, perhaps better known as the sharedfilelistd vulnerability. It was one of several vulnerabilities that Apple claims to have patched in macOS Sequoia 15.2, macOS Sonoma 14.7.2, and macOS Ventura 13.7.2, according to details shared on Apple’s About the security content of macOS Sequoia 15.2 web page.

But what if we told you that someone had already made something out of it? Well… it seems they have.

In a post shared to social media platform X (formerly Twitter), security researcher @wh1te4ever published a link to a GitHub page for what appears to be a Proof of Concept for CVE-2024-54498, calling it a 1day in their post. A 1day vulnerability is one for which a patch is available but which many users may not yet have installed, which means many of those users remain vulnerable.

A quick glance at the GitHub page for @wh1te4ever’s CVE-2024-54498 Proof of Concept shows that it allows for escaping the macOS Sandbox using the sharedfilelistd exploit. A Proof of Concept like this one allows others to learn from and test the vulnerability and see where things went wrong.

In macOS, the Sandbox is essentially a security restraint for apps that limits what those apps can do and prevents them from accessing personal data and compromising it. When a malicious application escapes the Sandbox in macOS, the security restraints are effectively removed, which means the app has free rein to do what the developer wants with potentially sensitive resources stored on your machine.

Based on that, you may be able to understand why this can be problematic and why Apple promptly issued a security patch.

On the United States’ National Institute of Standards and Technology’s National Vulnerability Database web page about CVE-2024-54498, we learn that the vulnerability stemmed from a path handling issue and that Apple addressed it in macOS Sequoia 15.2, macOS Sonoma 14.7.2, and macOS Ventura 13.7.2 by improving validation.

Interestingly enough, we do not see the same CVE entry for any recent release of iOS or iPadOS, so this vulnerability doesn’t appear to affect iPhones and iPads in its current form.

In any case, it’s a good idea to keep your Mac up to date if you value your personal security. This is the one exception to our general recommendation of staying on the lowest possible firmware for the potential of jailbreaking your device, but since there aren’t jailbreaks for Macs, that’s something of a moot point in this case.
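As an added example (not from the original article, the researcher, or Apple), this shell check compares a macOS version string against the fixed releases named above: 15.2, 14.7.2 and 13.7.2. The function names `ver_ge` and `patch_status` are hypothetical, and versions outside the 13, 14 and 15 lines are reported as `unknown` because the article does not cover them.

```shell
#!/bin/sh
# Added example: classify a macOS ProductVersion against the releases the
# article lists as carrying the CVE-2024-54498 fix.

# ver_ge A B: succeed when dotted version A >= B, comparing up to three
# numeric fields; missing fields count as 0 (so 15.2 == 15.2.0).
ver_ge() {
    for i in 1 2 3; do
        a=$(printf '%s.0.0' "$1" | cut -d. -f"$i")
        b=$(printf '%s.0.0' "$2" | cut -d. -f"$i")
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# patch_status VERSION: prints "patched", "unpatched" or "unknown".
patch_status() {
    # Accept only digits separated by single dots.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    # Pick the fixed release for this major line (values from the article).
    case ${1%%.*} in
        15) fixed=15.2 ;;
        14) fixed=14.7.2 ;;
        13) fixed=13.7.2 ;;
        *)  echo unknown; return 0 ;;  # release line not covered by the article
    esac
    if ver_ge "$1" "$fixed"; then
        echo patched
    else
        echo unpatched
    fi
}

# On a Mac, report the local machine; elsewhere only the functions are defined.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(patch_status "$v")"
fi
```

The same `patch_status` function can be fed version strings exported from an inventory or MDM tool to list machines that still lack the fix.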

Have you updated your Mac to macOS Sequoia 15.2 yet? Let us know in the comments section down below.

Source link: https://www.idownloadblog.com/2025/01/08/sharedfilelistd-macos-sandbox-escape-proof-of-concept/
