CVE-2024-23260: An app may be able to access user-sensitive data in Apple macOS
CVE-2024-23260 is a vulnerability in Apple macOS where an app may be able to access user-sensitive data due to a logic issue. This issue was addressed by Apple in macOS Sonoma 14. 4 through the removal of additional entitlements, improving checks to prevent unauthorized data access. The vulnerability has a CVSS score of 5. 5 (medium severity) and does not require user interaction for exploitation. Apple has released an official patch as part of macOS Sonoma 14. 4 to remediate this issue.
AI Analysis
Technical Summary
CVE-2024-23260 is a medium-severity vulnerability affecting Apple macOS, specifically addressed in macOS Sonoma 14.4. The vulnerability arises from a logic issue that could allow an app with limited privileges to access sensitive user data improperly. Apple remediated this by removing additional entitlements that previously allowed such access. The vulnerability has an attack vector of local (AV:L), low attack complexity (AC:L), requires low privileges (PR:L), and no user interaction (UI:N), with a confidentiality impact rated as high (C:H). The fix is included in the official macOS Sonoma 14.4 update released on March 7, 2024.
Potential Impact
A malicious or unprivileged app running on a vulnerable macOS system could access sensitive user data without proper authorization, potentially leading to privacy violations. The vulnerability does not affect system integrity or availability but compromises confidentiality. There are no known exploits in the wild at this time.
Mitigation Recommendations
Apple has provided an official fix for this vulnerability in macOS Sonoma 14.4. Users and administrators should update affected systems to macOS Sonoma 14.4 or later to remediate this issue. No additional mitigation steps are required beyond applying the official update.
CVE-2024-23260: An app may be able to access user-sensitive data in Apple macOS
Description
CVE-2024-23260 is a vulnerability in Apple macOS where an app may be able to access user-sensitive data due to a logic issue. This issue was addressed by Apple in macOS Sonoma 14. 4 through the removal of additional entitlements, improving checks to prevent unauthorized data access. The vulnerability has a CVSS score of 5. 5 (medium severity) and does not require user interaction for exploitation. Apple has released an official patch as part of macOS Sonoma 14. 4 to remediate this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-23260 is a medium-severity vulnerability affecting Apple macOS, specifically addressed in macOS Sonoma 14.4. The vulnerability arises from a logic issue that could allow an app with limited privileges to access sensitive user data improperly. Apple remediated this by removing additional entitlements that previously allowed such access. The vulnerability has an attack vector of local (AV:L), low attack complexity (AC:L), requires low privileges (PR:L), and no user interaction (UI:N), with a confidentiality impact rated as high (C:H). The fix is included in the official macOS Sonoma 14.4 update released on March 7, 2024.
Potential Impact
A malicious or unprivileged app running on a vulnerable macOS system could access sensitive user data without proper authorization, potentially leading to privacy violations. The vulnerability does not affect system integrity or availability but compromises confidentiality. There are no known exploits in the wild at this time.
Mitigation Recommendations
Apple has provided an official fix for this vulnerability in macOS Sonoma 14.4. Users and administrators should update affected systems to macOS Sonoma 14.4 or later to remediate this issue. No additional mitigation steps are required beyond applying the official update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-12T22:22:21.489Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47536d939959c802286a
Added to database: 11/4/2025, 6:34:59 PM
Last enriched: 4/9/2026, 11:05:15 PM
Last updated: 5/9/2026, 8:45:12 AM
Views: 49
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.