CVE-2024-54512 — Incorrect Authorization in Apple IOS AND Ipados

CWE-863 — Incorrect Authorization5 documents4 sources

Severity

9.1CRITICALNVD

EPSS

0.1%

top 72.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Watchos Apple Ipados +1 more

Timeline

PublishedJan 27

Latest updateJan 28

Description

The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could be used to fingerprint a user's Apple Account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages5 packages

▶NVDapple/ipados< 18.2

▶CVEListV5apple/watchos< 11.2

▶NVDapple/watchos< 11.2

▶CVEListV5apple/ios_and_ipados< 18.2

▶NVDapple/iphone_os< 18.2

🔴Vulnerability Details

GHSA

GHSA-pgq2-vhv9-8pr9: The issue was addressed by removing the relevant flags↗2025-01-28

▶

CVEList

CVE-2024-54512: The issue was addressed by removing the relevant flags↗2025-01-27

▶

📋Vendor Advisories

Apple

CVE-2024-54512: watchOS11.2↗2024-12-11

▶

Apple

CVE-2024-54512: iOS18.2 and iPadOS18.2↗2024-12-11

▶