Description

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

INFO

Published Date :

2025-12-17T00:00:00.000Z

Last Modified :

2025-12-17T18:42:52.736Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-46060 vulnerability.

Vendors Products
Anaconda
  • Anaconda3
Apple
  • Macos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-46060.

URL Resource
https://m8sec.dev/blog/privilege-escalation-macos-pkg-installers/ cve-icon cve-icon
https://www.anaconda.com/docs/getting-started/anaconda/release/2024.x#anaconda-2024-06-1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System