CVE-2024-54541

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121837	Release Notes
https://support.apple.com/en-us/121839	Release Notes
https://support.apple.com/en-us/121840	Release Notes
https://support.apple.com/en-us/121842	Release Notes
https://support.apple.com/en-us/121843	Release Notes
https://support.apple.com/en-us/121844	Release Notes
https://support.apple.com/en-us/121845	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

18 Mar 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-922

30 Jan 2025, 17:31

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/121837 -~~	() https://support.apple.com/en-us/121837 - Release Notes
References	~~() https://support.apple.com/en-us/121839 -~~	() https://support.apple.com/en-us/121839 - Release Notes
References	~~() https://support.apple.com/en-us/121840 -~~	() https://support.apple.com/en-us/121840 - Release Notes
References	~~() https://support.apple.com/en-us/121842 -~~	() https://support.apple.com/en-us/121842 - Release Notes
References	~~() https://support.apple.com/en-us/121843 -~~	() https://support.apple.com/en-us/121843 - Release Notes
References	~~() https://support.apple.com/en-us/121844 -~~	() https://support.apple.com/en-us/121844 - Release Notes
References	~~() https://support.apple.com/en-us/121845 -~~	() https://support.apple.com/en-us/121845 - Release Notes
Summary		(es) Este problema se solucionó mediante con una mejor gestión del estado. Este problema se solucionó en macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2, macOS Sonoma 14.7.2 y macOS Sequoia 15.2. Es posible que una aplicación pueda acceder a datos confidenciales del usuario.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:macos::::::::
CWE		NVD-CWE-noinfo
First Time		Apple tvos Apple iphone Os Apple ipados Apple watchos Apple visionos Apple Apple macos

27 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 22:15

Updated : 2025-03-18 16:15

NVD link : CVE-2024-54541

Mitre link : CVE-2024-54541

CVE.ORG link : CVE-2024-54541

JSON object : View

Products Affected

apple

visionos
iphone_os
watchos
tvos
macos
ipados

CWE

NVD-CWE-noinfo CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2024-54541", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-27T22:15:14.117", "references": [{"url": "https://support.apple.com/en-us/121837", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121839", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121840", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121842", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121843", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121844", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121845", "tags": ["Release Notes"], "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mediante con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2, macOS Sonoma 14.7.2 y macOS Sequoia 15.2. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."}], "lastModified": "2025-03-18T16:15:24.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61B67D76-E2DA-46D7-9E43-4E18D542AA57", "versionEndExcluding": "18.2"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02BF92BD-305C-46CA-8A77-C247AF8B1BC0", "versionEndExcluding": "18.2"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E37694D-5783-4112-B372-5915C231512F", "versionEndExcluding": "13.7.2"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "617CA14A-5EA4-4112-A564-DB1A5109A066", "versionEndExcluding": "14.7.2", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A29E5D37-B333-4B43-9E4A-012CDD2C406D", "versionEndExcluding": "15.2", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B719BB6-424F-4612-8809-0DF25022C29C", "versionEndExcluding": "18.2"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F83EAF-2879-4515-BC44-6AE5006D35EE", "versionEndExcluding": "2.2"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C446885-2BC5-454D-88A1-146B17C051C3", "versionEndExcluding": "11.2"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}

5.5 /10