CVE-2024-54504 is a privacy vulnerability identified in Apple macOS, specifically addressed in macOS Sequoia 15.2. The root cause lies in insufficient redaction of private data within system log entries, which allows an application with limited privileges (local access) to read sensitive user information that should otherwise be protected. The vulnerability is classified under CWE-922, indicating improper restriction of sensitive information in logs. The CVSS 3.1 base score is 5.5 (medium severity), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, meaning the attack requires local access with low complexity, privileges, and no user interaction, and it impacts confidentiality significantly but does not affect integrity or availability. No specific affected macOS versions are detailed, but the fix is included in macOS Sequoia 15.2. There are no known exploits in the wild, suggesting limited current exploitation but a potential risk if attackers gain local access. The vulnerability could be leveraged by malicious or compromised applications to extract sensitive user data from logs, potentially leading to privacy breaches or further targeted attacks.

For European organizations, the primary impact is the potential unauthorized disclosure of sensitive user data on macOS devices. This could affect enterprises with macOS endpoints, especially in sectors like finance, healthcare, legal, and government where confidentiality is critical. Data leakage could lead to privacy violations under GDPR, resulting in regulatory penalties and reputational damage. Since exploitation requires local access, the threat is more relevant in environments where endpoint security is weak or insider threats exist. The vulnerability does not affect system integrity or availability, so it is less likely to cause operational disruption but poses a significant privacy risk. Organizations with remote or hybrid workforces using macOS devices may face increased exposure if endpoint controls are insufficient.

Organizations should prioritize updating all macOS devices to version Sequoia 15.2 or later, where the vulnerability is fixed by improved private data redaction in logs. Until patching is complete, restrict local access to macOS systems by enforcing strict endpoint security policies, including application whitelisting, least privilege principles, and monitoring for suspicious local activity. Disable or limit logging of sensitive information where feasible and audit log access permissions regularly. Employ endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of attempts to access or exfiltrate log data. Educate users and administrators about the risks of installing untrusted applications that could exploit this vulnerability. For organizations with macOS in critical environments, consider network segmentation and enhanced access controls to reduce the risk of local exploitation.