CVE-2024-54467Sensitive Information Exposure in Apple IOS AND Ipados

CWE-200Sensitive Information Exposure14 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Apple IOS AND IpadosApple MacosApple Safari+5 more
Timeline
PublishedMar 10
Latest updateMar 31

Description

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

CVEListV5apple/tvos< 18
NVDapple/tvos< 18.0
CVEListV5apple/macos< 15
NVDapple/macos< 15.0
CVEListV5apple/safari< 18

🔴Vulnerability Details

4
GHSA
GHSA-fvpp-8m58-5wxr: A cookie management issue was addressed with improved state management2025-03-10
CVEList
CVE-2024-54467: A cookie management issue was addressed with improved state management2025-03-10
OSV
CVE-2024-54467: A cookie management issue was addressed with improved state management2025-03-10
OSV
CVE-2024-54467: A cookie management issue was addressed with improved state management2025-03-10

📋Vendor Advisories

9
Ubuntu
WebKitGTK vulnerabilities2025-03-31
Red Hat
webkitgtk: A malicious website may exfiltrate data cross-origin2025-03-20
Apple
CVE-2024-54467: tvOS 182024-09-16
Apple
CVE-2024-54467: visionOS22024-09-16
Apple
CVE-2024-54467: watchOS112024-09-16
CVE-2024-54467 — Sensitive Information Exposure | cvebase