CVE-2024-54515: 
macOS vulnerability analysis and mitigation

A logic issue in macOS Sequoia that allows a malicious app to gain root privileges was identified and tracked as CVE-2024-54515. The vulnerability was discovered by an anonymous researcher and fixed in macOS Sequoia 15.2, released on December 11, 2024. This security flaw affects macOS systems running versions prior to 15.2 (Apple Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

If exploited, this vulnerability allows a malicious application to elevate its privileges to root level, potentially enabling full system access and control. This could lead to unauthorized access to sensitive data, modification of system files, and complete compromise of the affected system (CIS Advisory).

Apple has addressed this vulnerability in macOS Sequoia 15.2. Users are strongly advised to update their systems to this version immediately. The fix implements improved restrictions to address the underlying logic issue (Apple Advisory).