CVE-2024-54525 — Unrestricted File Upload in Apple IOS AND Ipados

CWE-434 — Unrestricted File Upload8 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.7%

top 17.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +4 more

Timeline

PublishedMar 17

Description

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages11 packages

▶CVEListV5apple/tvos< 18.2

▶NVDapple/tvos< 18.2

▶CVEListV5apple/macos< 15.2

▶NVDapple/macos< 15.2

▶NVDapple/ipados< 18.2

🔴Vulnerability Details

CVEList

CVE-2024-54525: A logic issue was addressed with improved file handling↗2025-03-17

▶

GHSA

GHSA-f9q9-85g5-cwgj: A logic issue was addressed with improved file handling↗2025-03-17

▶

📋Vendor Advisories

Apple

CVE-2024-54525: watchOS11.2↗2024-12-11

▶

Apple

CVE-2024-54525: iOS18.2 and iPadOS18.2↗2024-12-11

▶

Apple

CVE-2024-54525: visionOS2.2↗2024-12-11

▶

Apple

CVE-2024-54525: macOS Sequoia 15.2↗2024-12-11

▶

Apple

CVE-2024-54525: tvOS18.2↗2024-12-11

▶