PT-2025-3044 · Apple · Visionos+4
Abhay Kailasia
+2
·
Published
2024-12-11
·
Updated
2025-01-27
·
CVE-2024-54530
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
macOS versions prior to 15.2
watchOS versions prior to 11.2
visionOS versions prior to 2.2
iOS versions prior to 18.2
iPadOS versions prior to 18.2
Description
The issue is related to the Password Autofill component in the mentioned operating systems and is caused by a lack of authorization. This may allow an attacker to read and write arbitrary files. The problem may cause the password autofill function to fill in passwords even after authentication has failed.
Recommendations
For macOS versions prior to 15.2, update to macOS Sequoia 15.2.
For watchOS versions prior to 11.2, update to watchOS 11.2.
For visionOS versions prior to 2.2, update to visionOS 2.2.
For iOS versions prior to 18.2, update to iOS 18.2.
For iPadOS versions prior to 18.2, update to iPadOS 18.2.
Fix
Incorrect Authorization
Improper Authentication
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Visionos
Watchos