CVE-2024-54493: 
macOS vulnerability analysis and mitigation

A privacy-related vulnerability (CVE-2024-54493) was discovered in macOS Sequoia affecting privacy indicators for microphone access. The issue was disclosed on December 11, 2024, and fixed in macOS Sequoia 15.2. The vulnerability could cause privacy indicators for microphone access to be attributed incorrectly to applications (Apple Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 3.3 (Low severity) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The impact is limited to low integrity impact with no confidentiality or availability impact (NVD).

When exploited, the vulnerability could lead to incorrect attribution of microphone access privacy indicators, potentially misleading users about which applications are accessing their microphone. This could have privacy implications as users may not be correctly informed about which applications are actively using their microphone (Apple Advisory, CIS Advisory).

Apple has addressed this vulnerability through improved state management in macOS Sequoia 15.2. Users are advised to update their systems to this version or later to mitigate the issue (Apple Advisory).