PT-2024-36380 · Apple · iOS +7

Mickey Jin +1 · Published 2024-12-11 · Updated 2025-02-21 · CVE-2024-54527

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
watchOS versions 11.2 and earlier
tvOS versions 18.2 and earlier
macOS Sequoia versions 15.2 and earlier
iOS versions 18.2 and earlier
iPadOS versions 18.2 and earlier
macOS Ventura versions 13.7.2 and earlier
macOS Sonoma versions 14.7.2 and earlier

Description: An app may be able to access sensitive user data due to a TCC bypass vulnerability in the MediaLibraryService XPC service. This issue was addressed with improved checks.

Recommendations:
For watchOS versions prior to 11.2, update to watchOS 11.2 or later.
For tvOS versions prior to 18.2, update to tvOS 18.2 or later.
For macOS Sequoia versions prior to 15.2, update to macOS Sequoia 15.2 or later.
For iOS versions prior to 18.2, update to iOS 18.2 or later.
For iPadOS versions prior to 18.2, update to iPadOS 18.2 or later.
For macOS Ventura versions prior to 13.7.2, update to macOS Ventura 13.7.2 or later.
For macOS Sonoma versions prior to 14.7.2, update to macOS Sonoma 14.7.2 or later.
As a temporary workaround, consider restricting the use of the MediaLibraryService XPC service if possible.
Audit the ~/Library/Application Support/iLifeMediaBrowser/Plug-Ins directory for any suspicious activity.
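
One way to carry out the directory audit recommended above, as an added example that is not part of the original advisory: a shell inventory of every top-level entry in the Plug-Ins directory with its kind, code-signature status and modification date. The function names and output format are assumptions of this example; `codesign` is the standard macOS tool, and entries are reported as `unchecked` where it is not installed.

```shell
#!/bin/sh
# Added example (not from the advisory): inventory the plug-in directory it names.
# Output columns: kind, signature status, modification date, path (tab-separated).

PLUGIN_DIR="$HOME/Library/Application Support/iLifeMediaBrowser/Plug-Ins"

# Modification date of the entry itself; stat syntax differs between macOS and GNU.
mtime_of() {
    if [ "$(uname)" = "Darwin" ]; then
        stat -f '%Sm' -t '%Y-%m-%d' "$1"
    else
        stat -c '%y' "$1" | cut -d' ' -f1
    fi
}

# Code-signature check via codesign(1); "unchecked" where the tool is absent.
sig_of() {
    if ! command -v codesign >/dev/null 2>&1; then
        echo unchecked
    elif codesign --verify --deep --strict "$1" >/dev/null 2>&1; then
        echo signed-valid
    else
        echo unsigned-or-invalid
    fi
}

# Print one line per top-level entry, or a single "absent" line if the
# directory does not exist.
audit_plugins() {
    dir="${1:-$PLUGIN_DIR}"
    if [ ! -d "$dir" ]; then
        printf 'absent\t-\t-\t%s\n' "$dir"
        return 0
    fi
    for entry in "$dir"/* "$dir"/.[!.]*; do
        # Skip glob patterns that matched nothing.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ -L "$entry" ]; then kind=symlink
        elif [ -d "$entry" ]; then kind=bundle
        else kind=file
        fi
        printf '%s\t%s\t%s\t%s\n' "$kind" "$(sig_of "$entry")" "$(mtime_of "$entry")" "$entry"
    done
}

audit_plugins "$@"
```

Run it once per user account, since the path is relative to each home directory, and review any entry that was not installed deliberately or that reports `unsigned-or-invalid`.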

Fix

Related Identifiers

CVE-2024-54527

Affected Products

Apple macOS
iOS
iPadOS
macOS Sequoia
macOS Sonoma
macOS Ventura
tvOS
watchOS