CVE-2024-27792: An app may be able to access user-sensitive data in Apple macOS
CVE-2024-27792 is a medium severity vulnerability in Apple macOS where an app may be able to access user-sensitive data due to insufficient user consent prompts. This issue was addressed by Apple in macOS Sonoma 14. 4 through the addition of an extra prompt for user consent, improving privacy protections. The vulnerability relates to a logic issue categorized under CWE-284 (Improper Access Control). There are no known exploits in the wild at this time. The fix is available in the official macOS Sonoma 14. 4 update released on March 7, 2024.
AI Analysis
Technical Summary
CVE-2024-27792 is a vulnerability in Apple macOS that could allow an application to access sensitive user data without adequate user consent. The issue stems from insufficient access control mechanisms, which Apple addressed by adding an additional user consent prompt in macOS Sonoma 14.4. This update improves privacy by ensuring that apps cannot silently access sensitive data. The vulnerability has a CVSS 3.1 base score of 5.5, reflecting medium severity with local attack vector, low attack complexity, no privileges required, and user interaction required. The vendor advisory confirms the issue is fixed in macOS Sonoma 14.4.
Potential Impact
An unprivileged app could potentially access sensitive user data without proper authorization, which may lead to privacy violations. However, exploitation requires local access and user interaction. There are no reports of active exploitation in the wild. The impact is limited to confidentiality, with no integrity or availability effects reported.
Mitigation Recommendations
Apply the official update macOS Sonoma 14.4 or later, which includes the fix for this vulnerability by adding an additional user consent prompt. No further action is required if the system is already updated to this version or later. Users should ensure their macOS installations are kept current to benefit from this and other security improvements.
CVE-2024-27792: An app may be able to access user-sensitive data in Apple macOS
Description
CVE-2024-27792 is a medium severity vulnerability in Apple macOS where an app may be able to access user-sensitive data due to insufficient user consent prompts. This issue was addressed by Apple in macOS Sonoma 14. 4 through the addition of an extra prompt for user consent, improving privacy protections. The vulnerability relates to a logic issue categorized under CWE-284 (Improper Access Control). There are no known exploits in the wild at this time. The fix is available in the official macOS Sonoma 14. 4 update released on March 7, 2024.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-27792 is a vulnerability in Apple macOS that could allow an application to access sensitive user data without adequate user consent. The issue stems from insufficient access control mechanisms, which Apple addressed by adding an additional user consent prompt in macOS Sonoma 14.4. This update improves privacy by ensuring that apps cannot silently access sensitive data. The vulnerability has a CVSS 3.1 base score of 5.5, reflecting medium severity with local attack vector, low attack complexity, no privileges required, and user interaction required. The vendor advisory confirms the issue is fixed in macOS Sonoma 14.4.
Potential Impact
An unprivileged app could potentially access sensitive user data without proper authorization, which may lead to privacy violations. However, exploitation requires local access and user interaction. There are no reports of active exploitation in the wild. The impact is limited to confidentiality, with no integrity or availability effects reported.
Mitigation Recommendations
Apply the official update macOS Sonoma 14.4 or later, which includes the fix for this vulnerability by adding an additional user consent prompt. No further action is required if the system is already updated to this version or later. Users should ensure their macOS installations are kept current to benefit from this and other security improvements.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-02-26T15:32:28.515Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a47616d939959c8022f39
Added to database: 11/4/2025, 6:35:13 PM
Last enriched: 4/9/2026, 11:10:54 PM
Last updated: 5/9/2026, 7:27:41 AM
Views: 121
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.