Description

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

INFO

Published Date :

2025-12-17T00:00:00.000Z

Last Modified :

2025-12-17T18:48:34.954Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-46062 vulnerability.

Vendors Products
Anaconda
  • Miniconda3
Apple
  • Macos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-46062.

URL Resource
https://m8sec.dev/blog/privilege-escalation-macos-pkg-installers/ cve-icon cve-icon
https://www.anaconda.com/docs/getting-started/miniconda/release/23.x#miniconda-23-11-0-1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System