CVE-2024-27886: An unprivileged app may be able to log keystrokes in other apps including those using secure input mode in Apple macOS
CVE-2024-27886 is a logic vulnerability in Apple macOS that allowed an unprivileged application to log keystrokes from other applications, including those using secure input mode. This issue was addressed by Apple with improved restrictions in macOS Sonoma 14. 4 and macOS Ventura 13. 7. The vulnerability has a CVSS score of 7. 5, indicating high severity. There are no known exploits in the wild at the time of this advisory. Apple has released official patches to remediate this issue.
AI Analysis
Technical Summary
CVE-2024-27886 is a logic flaw in macOS that permitted an unprivileged app to capture keystrokes from other apps, even those employing secure input mode designed to protect sensitive input. Apple fixed this vulnerability by implementing improved restrictions to prevent unauthorized keystroke logging. The fix is included in macOS Sonoma 14.4 and macOS Ventura 13.7. The vulnerability is rated high severity with a CVSS 3.1 base score of 7.5 (Network attack vector, low attack complexity, no privileges required, no user interaction, impact limited to integrity).
Potential Impact
An unprivileged app could log keystrokes from other applications, including those using secure input mode, potentially compromising sensitive user input such as passwords or confidential data. This undermines the confidentiality and integrity of user input across affected macOS versions prior to the patched releases. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Apple has released official patches addressing this vulnerability in macOS Sonoma 14.4 and macOS Ventura 13.7. Users and administrators should apply these updates promptly to remediate the issue. No additional mitigation steps are indicated by the vendor advisory.
CVE-2024-27886: An unprivileged app may be able to log keystrokes in other apps including those using secure input mode in Apple macOS
Description
CVE-2024-27886 is a logic vulnerability in Apple macOS that allowed an unprivileged application to log keystrokes from other applications, including those using secure input mode. This issue was addressed by Apple with improved restrictions in macOS Sonoma 14. 4 and macOS Ventura 13. 7. The vulnerability has a CVSS score of 7. 5, indicating high severity. There are no known exploits in the wild at the time of this advisory. Apple has released official patches to remediate this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-27886 is a logic flaw in macOS that permitted an unprivileged app to capture keystrokes from other apps, even those employing secure input mode designed to protect sensitive input. Apple fixed this vulnerability by implementing improved restrictions to prevent unauthorized keystroke logging. The fix is included in macOS Sonoma 14.4 and macOS Ventura 13.7. The vulnerability is rated high severity with a CVSS 3.1 base score of 7.5 (Network attack vector, low attack complexity, no privileges required, no user interaction, impact limited to integrity).
Potential Impact
An unprivileged app could log keystrokes from other applications, including those using secure input mode, potentially compromising sensitive user input such as passwords or confidential data. This undermines the confidentiality and integrity of user input across affected macOS versions prior to the patched releases. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Apple has released official patches addressing this vulnerability in macOS Sonoma 14.4 and macOS Ventura 13.7. Users and administrators should apply these updates promptly to remediate the issue. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-02-26T15:32:28.544Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 690a2de9f0ba78a050536ea4
Added to database: 11/4/2025, 4:46:33 PM
Last enriched: 4/9/2026, 11:22:18 PM
Last updated: 5/9/2026, 8:58:55 AM
Views: 42
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.