Critical macOS Flaw Leaks Passwords and iCloud Data via NetAuthAgent
2025-03-20

A security research article details a critical macOS vulnerability (CVE-2024-54471) that allows attackers to steal file server credentials, and even iCloud account information and API tokens, via NetAuthAgent. The vulnerability stems from NetAuthAgent's MIG server failing to verify message senders, so attackers can send malicious messages to retrieve keychain credentials and then use them to access iCloud data, including contacts, calendars, and location. The article covers the Mach kernel, the MIG mechanism, and the exploitation process, and urges users to update macOS to the latest version and enable Advanced Data Protection.
(wts.dev)