CVE-2024-54488

MEDIUM

iPhone OS < 18.2 - Unauthenticated Hidden Photos Album Access

Title source: llm

Description

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication.

References (5)

Core 5

Core References

Release Notes

https://support.apple.com/en-us/121837

Release Notes

https://support.apple.com/en-us/121838

Release Notes

https://support.apple.com/en-us/121839

Release Notes

https://support.apple.com/en-us/121840

Release Notes

https://support.apple.com/en-us/121842

Scores

CVSS v3 5.3

EPSS 0.0021

EPSS Percentile 43.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (8)

Apple/iOS and iPadOS < 18.2

apple/ipados < 17.7.3

Apple/iPadOS < 17.7.3

apple/iphone_os < 18.2

apple/macos < 13.7.2

Apple/macOS < 13.7.2

Apple/macOS < 14.7.2

Apple/macOS < 15.2

Published Jan 27, 2025

Tracked Since Feb 18, 2026