CVE-2024-54525

Summary

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Affected Software

VendorProductVersion RangeStatus
AppleiOS and iPadOS0 < 18.2affected
ApplemacOS0 < 15.2affected
AppletvOS0 < 18.2affected
ApplevisionOS0 < 2.2affected
ApplewatchOS0 < 11.2affected

Weaknesses

  • Restoring a maliciously crafted backup file may lead to modification of protected system files

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References