CVE-2024-46060
Local Privilege Escalation in Anaconda3 macOS Installer
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anaconda | anaconda3 | 2024.06-1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-46060 is a local privilege escalation vulnerability in Anaconda3 macOS installers before version 2024.06-1. During installation outside the user's home directory, the installer creates world-writable files, specifically a script named 'user_post_install' with insecure permissions. This script is executed with root privileges by a post-install process. A low-privileged local user can modify this writable script to inject arbitrary commands, which then run with root privileges, allowing the attacker to execute code as the root user. [2]
How can this vulnerability impact me? :
This vulnerability allows a local low-privileged user on a macOS system to escalate their privileges to root by injecting arbitrary commands into a writable script created during Anaconda3 installation. This can lead to unauthorized code execution with full administrative rights, potentially compromising the entire system's security and integrity. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for world-writable scripts created during the Anaconda3 macOS package installation outside the user's home directory. Specifically, look for the presence of the writable script named `user_post_install`. Commands to assist detection include expanding the installer package with `pkgutil --expand` to inspect its contents and analyzing file permissions of scripts created during installation. Additionally, monitoring file creation and permissions during installation can help identify writable scripts with shell shebangs (e.g., `#!/bin/bash`) that could be exploited. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading to Anaconda3 version 2024.06-1 or later, where the vulnerability is fixed by removing the `user_post_install.pkg` package and eliminating the writable script that allowed command injection. Until upgrading, avoid installing Anaconda3 outside the user's home directory to prevent creation of world-writable files. Also, review and restrict permissions on any scripts created during installation to prevent unauthorized modifications. [2]