PT-2025-3051 · Apple · Ios+5
Kenneth Chew
+2
·
Published
2024-12-11
·
Updated
2025-09-05
·
CVE-2024-54542
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Safari versions prior to 18.2
macOS Sequoia versions prior to 15.2
watchOS versions prior to 11.2
iOS versions prior to 18.2
iPadOS versions prior to 18.2
Description
The issue is related to incorrect authorization in the State Management Handler component of iOS, iPadOS, macOS, watchOS, and the Safari browser. Exploitation of this issue may allow an attacker to access confidential information. The problem is associated with a lack of proper authentication, which can be exploited to access Private Browsing tabs without authentication.
Recommendations
For Safari versions prior to 18.2, update to Safari 18.2 to resolve the issue.
For macOS Sequoia versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue.
For watchOS versions prior to 11.2, update to watchOS 11.2 to resolve the issue.
For iOS versions prior to 18.2, update to iOS 18.2 to resolve the issue.
For iPadOS versions prior to 18.2, update to iPadOS 18.2 to resolve the issue.
Fix
Incorrect Authorization
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Safari
Ios
Ipados
Macos Sequoia
Watchos