CVE-2024-46060: n/a
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.
AI Analysis
Technical Summary
CVE-2024-46060 is a local privilege escalation vulnerability affecting Anaconda3 macOS installers before version 2024.06-1. The vulnerability occurs specifically when Anaconda3 is installed outside the user's home directory. During installation, the process creates files with world-writable permissions that are subsequently executed with root privileges. This insecure file permission setting (classified under CWE-732: Incorrect Permission Assignment for Critical Resource) allows a local attacker with limited privileges to inject arbitrary commands into these files. Because these files run with root privileges, the attacker can achieve arbitrary code execution as the root user, effectively escalating their privileges on the system. The vulnerability also involves command injection risks (CWE-77), where injected commands can be executed due to improper handling of file permissions and execution context. The attack vector requires local access with low privileges but does not require user interaction, making exploitation feasible in multi-user environments or where local access is shared. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and low privileges required. No public exploits or patches are currently available, but the issue is documented and assigned a CVE identifier. This vulnerability is particularly relevant for environments where Anaconda3 is installed system-wide or in directories accessible by multiple users, increasing the risk of unauthorized privilege escalation.
Potential Impact
For European organizations, this vulnerability poses a significant risk in environments where Anaconda3 is installed on macOS systems outside individual user directories, such as shared workstations, research labs, or enterprise development machines. Successful exploitation allows a local attacker to gain root privileges, potentially leading to full system compromise, unauthorized access to sensitive data, and disruption of critical services. This can undermine confidentiality, integrity, and availability of affected systems. Organizations relying on Anaconda for data science, machine learning, or software development may face operational disruptions and increased risk of insider threats or lateral movement by attackers. The vulnerability's local nature limits remote exploitation but does not diminish its severity in multi-user or shared environments common in academic and corporate settings across Europe. Additionally, the lack of user interaction requirement facilitates stealthy exploitation. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once patches are released or if the vulnerability becomes publicly known.
Mitigation Recommendations
1. Ensure Anaconda3 installations on macOS are performed strictly within the user's home directory to avoid triggering the vulnerability.
2. Restrict local user access to installation directories and audit permissions to prevent unauthorized modification of installer-created files.
3. Monitor and enforce file permissions on Anaconda-related directories to detect and remediate world-writable files promptly.
4. Implement strict local user privilege management and segmentation to limit the number of users with local access and reduce attack surface.
5. Once available, promptly apply official patches or updated installers from Anaconda that address this vulnerability.
6. Employ endpoint detection and response (EDR) tools to monitor for suspicious local command executions or privilege escalation attempts.
7. Educate users and administrators about the risks of installing software outside recommended directories and the importance of adhering to security best practices.
8. Consider deploying macOS security features such as System Integrity Protection (SIP) and mandatory access controls to limit the impact of local exploits.
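One way to carry out recommendations 2 and 3, shown as an added example that is not Anaconda's tooling or part of the original advisory: a POSIX shell audit that reports and optionally clears world-writable entries under an install prefix. The function names are hypothetical, and `/opt/anaconda3` in the usage note is an assumed install location.

```shell
#!/bin/sh
# Added example: permission audit for an Anaconda3 prefix on macOS.
# Pass the absolute install path; nothing here comes from the installer itself.

# Return 0 when $1 is NOT inside $HOME (the condition the advisory names).
outside_home() {
    case "$1/" in
        "${HOME%/}"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print world-writable files and directories under $1. Symlinks are skipped
# because their own mode bits do not control writes to the target.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Exit status: 0 = clean, 1 = world-writable entries found, 2 = no such prefix.
audit_prefix() {
    prefix=$1
    [ -d "$prefix" ] || { echo "no such directory: $prefix" >&2; return 2; }
    outside_home "$prefix" && echo "note: $prefix is outside \$HOME"
    findings=$(list_world_writable "$prefix")
    if [ -n "$findings" ]; then
        printf 'world-writable under %s:\n%s\n' "$prefix" "$findings"
        return 1
    fi
    echo "clean: $prefix"
}

# Clear the world-write bit on every entry the audit would report.
remediate_prefix() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Run the audit when a path is given on the command line.
[ "$#" -eq 0 ] || audit_prefix "$1"
```

Saved as a script and run as `sh audit.sh /opt/anaconda3`, the non-zero exit status on findings lets it serve as a scheduled compliance check; `remediate_prefix` needs to run as the owner of the files or as root.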
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2024-09-11T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6942fb890b6f32e62be62d4d
Added to database: 12/17/2025, 6:50:49 PM
Last enriched: 12/24/2025, 7:14:14 PM
Last updated: 2/4/2026, 10:02:32 PM