CVE-2024-54466: An encrypted volume may be accessed by a different user without prompting for the password in Apple macOS
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password.
AI Analysis
Technical Summary
CVE-2024-54466 is an authorization vulnerability in Apple macOS that allows an encrypted volume to be accessed by a user other than the one who encrypted it, without prompting for the password. The root cause is an improper state management flaw that bypasses the expected authentication mechanism for accessing encrypted volumes. This vulnerability affects multiple macOS versions prior to the patched releases: macOS Sequoia 15.2, Ventura 13.7.2, and Sonoma 14.7.2. The issue falls under CWE-862 (Missing Authorization) and has a CVSS v3.1 base score of 6.5, indicating medium severity. The attack vector is network-independent (local access required), with low attack complexity, no privileges required, and user interaction needed to trigger the flaw. The impact is primarily on confidentiality, as unauthorized users can access encrypted data without the password, but integrity and availability are not affected. Apple has not reported any known exploits in the wild yet. The vulnerability highlights a critical gap in macOS’s encrypted volume access controls, potentially exposing sensitive data to unauthorized users on shared or multi-user systems.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data confidentiality, especially for entities that rely on macOS encrypted volumes to protect sensitive or regulated information such as personal data under GDPR, intellectual property, or financial records. Unauthorized access to encrypted volumes could lead to data breaches, regulatory penalties, and reputational damage. The flaw is particularly concerning in environments with shared macOS devices or where multiple users have physical or remote access to the same machine. Although the vulnerability does not affect data integrity or system availability, the unauthorized disclosure of encrypted data can have severe operational and compliance consequences. Organizations in sectors such as finance, healthcare, legal, and government that use macOS systems extensively are at higher risk. The absence of known exploits in the wild reduces immediate threat but does not eliminate the risk of future exploitation, making timely patching critical.
Mitigation Recommendations
European organizations should immediately verify their macOS versions and prioritize upgrading to macOS Sequoia 15.2, Ventura 13.7.2, or Sonoma 14.7.2 where this vulnerability is fixed. Until patches are applied, organizations should restrict access to macOS devices with encrypted volumes to trusted users only and consider additional endpoint security controls such as disk encryption management tools that enforce strict access policies. Implementing strong physical security controls to prevent unauthorized local access is essential. Organizations should audit user permissions and monitor for unusual access patterns to encrypted volumes. Additionally, educating users about the risk of sharing devices and enforcing strict user session management can reduce exposure. For environments with high security requirements, consider using alternative encryption solutions or additional layers of encryption that are not affected by this vulnerability. Regularly review Apple security advisories for updates or new mitigations related to this issue.
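The version check recommended above can be scripted for a single host or an inventory list. This is an added example, not part of the original advisory or any Apple tooling; the branch minimums are the fixed releases listed on this page. Treating majors above 15 as patched, reporting majors below 13 as "no-fix-listed", and the sample host names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify a macOS ProductVersion against the fixed releases
# listed on this page (Sequoia 15.2, Sonoma 14.7.2, Ventura 13.7.2).
# Prints one of: patched | vulnerable | no-fix-listed | invalid

classify_macos() {
    # Accept only dotted decimal strings such as 14.7.1
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    IFS=. read -r major minor patch _rest <<EOF
$1
EOF
    minor=${minor:-0}
    patch=${patch:-0}
    case $major in
        13|14) need_minor=7; need_patch=2 ;;   # Ventura 13.7.2, Sonoma 14.7.2
        15)    need_minor=2; need_patch=0 ;;   # Sequoia 15.2
        *)
            # Assumption: majors after 15 ship with the fix; the page lists
            # no fixed release for majors before 13.
            if [ "$major" -gt 15 ]; then echo patched; else echo no-fix-listed; fi
            return 0 ;;
    esac
    if [ "$minor" -gt "$need_minor" ]; then
        echo patched
    elif [ "$minor" -eq "$need_minor" ] && [ "$patch" -ge "$need_patch" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Print "host version status" for each "host:version" argument.
report() {
    for entry in "$@"; do
        echo "${entry%%:*} ${entry#*:} $(classify_macos "${entry#*:}")"
    done
}

if command -v sw_vers >/dev/null 2>&1; then
    # On a Mac: check the local host.
    report "$(hostname):$(sw_vers -productVersion)"
else
    # Elsewhere: constructed sample inventory (host names are made up).
    report "mac-01:15.1.1" "mac-02:15.2" "mac-03:14.7.1" "mac-04:13.7.2" "mac-05:12.7.6"
fi
```

Hosts reported as `no-fix-listed` run a release for which this page names no fixed version, so they need an OS upgrade rather than a point update.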
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Italy, Spain, Belgium, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2024-12-03T22:50:35.493Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69092eed35043901e82cb12a
Added to database: 11/3/2025, 10:38:37 PM
Last enriched: 11/3/2025, 11:26:15 PM
Last updated: 11/4/2025, 2:00:52 AM
Related Threats
- CVE-2025-43507: An app may be able to fingerprint the user in Apple visionOS
- CVE-2025-43505: Processing a maliciously crafted file may lead to heap corruption in Apple Xcode
- CVE-2025-43504: A user in a privileged network position may be able to cause a denial-of-service in Apple Xcode
- CVE-2025-43503: Visiting a malicious website may lead to user interface spoofing in Apple Safari
- CVE-2025-43502: An app may be able to bypass certain Privacy preferences in Apple Safari