A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/121563 | Vendor Advisory |
| https://support.apple.com/en-us/121565 | Vendor Advisory |
| https://support.apple.com/en-us/121566 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Jan 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (es) Se solucionó un problema de gestión de rutas con una lógica mejorada. Este problema se solucionó en watchOS 11.1, visionOS 2.1, iOS 18.1 y iPadOS 18.1. Un atacante con acceso a los datos del calendario también podría leer los recordatorios. |
16 Jan 2025, 20:36
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
| First Time |
Apple ipados
Apple visionos Apple Apple watchos Apple iphone Os |
|
| CWE | CWE-22 | |
| References | () https://support.apple.com/en-us/121563 - Vendor Advisory | |
| References | () https://support.apple.com/en-us/121565 - Vendor Advisory | |
| References | () https://support.apple.com/en-us/121566 - Vendor Advisory |
15 Jan 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-01-15 20:15
Updated : 2025-01-23 22:15
NVD link : CVE-2024-54535
Mitre link : CVE-2024-54535
CVE.ORG link : CVE-2024-54535
JSON object : View
Products Affected
apple
- ipados
- watchos
- iphone_os
- visionos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')