Keyboard Event Capture Vulnerability in macOS by Apple
CVE-2024-54539

5.5MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 27 January 2025

Summary

A vulnerability has been identified in Apple's macOS that allows malicious applications the potential to capture keyboard events from the lock screen. This flaw raises significant security concerns, as it could enable unauthorized access to sensitive information via logged keystrokes, compromising user privacy. The issue has been addressed in the latest updates, specifically in macOS Sonoma 14.7.2, macOS Sequoia 15.2, and macOS Ventura 13.7.2, which include improved state management to mitigate this potential risk.

Affected Version(s)

macOS < 15.2

macOS < 13.7

macOS < 14.7

References

https://support.apple.com/en-us/121839

https://support.apple.com/en-us/121842

https://support.apple.com/en-us/121840

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Dec 3, 2024