CVE-2024-54530

CRITICAL

Apple iPadOS < 18.2 - Incorrect Authorization in Password Autofill

Title source: llm

Description

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password autofill may fill in passwords after failing authentication.

References (4)

Core 4

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/121837

Release Notes, Vendor Advisory

https://support.apple.com/en-us/121839

Release Notes, Vendor Advisory

https://support.apple.com/en-us/121843

Release Notes, Vendor Advisory

https://support.apple.com/en-us/121845

Scores

CVSS v3 9.1

EPSS 0.0017

EPSS Percentile 38.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-863

Status published

Products (9)

Apple/iOS and iPadOS < 18.2

apple/ipados < 18.2

apple/iphone_os < 18.2

apple/macos < 15.2

Apple/macOS < 15.2

apple/visionos < 2.2

Apple/visionOS < 2.2

apple/watchos < 11.2

Apple/watchOS < 11.2

Published Jan 27, 2025

Tracked Since Feb 18, 2026