CVE-2024-46060

Description

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

PUBLISHED Reserved 2024-09-11 | Published 2025-12-17 | Updated 2025-12-18 | Assigner mitre

References

m8sec.dev/blog/privilege-escalation-macos-pkg-installers/

www.anaconda.com/.../getting-started/anaconda/release/2024.x

cve.org (CVE-2024-46060)

nvd.nist.gov (CVE-2024-46060)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.