CVE-2024-54535

MEDIUM

iPadOS < 18.1 - Unprotected User Data Exposure via Path Handling Issue

Title source: llm

Description

A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.

References (4)

Core 4

Core References

https://support.apple.com/en-us/121564

Vendor Advisory

https://support.apple.com/en-us/121563

Vendor Advisory

https://support.apple.com/en-us/121565

Vendor Advisory

https://support.apple.com/en-us/121566

Scores

CVSS v3 4.3

EPSS 0.0028

EPSS Percentile 51.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (8)

Apple/iOS and iPadOS < 18.1

apple/ipados < 18.1

apple/iphone_os < 18.1

Apple/macOS < 15.1

apple/visionos < 2.1

Apple/visionOS < 2.1

apple/watchos < 11.1

Apple/watchOS < 11.1

Published Jan 15, 2025

Tracked Since Feb 18, 2026