CVE-2024-54468

Description

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected products

Apple / iOS and iPadOS0 – 18.2
Apple / iPadOS0 – 17.7.3
Apple / macOS0 – 13.7.2
Apple / macOS0 – 14.7.2
Apple / macOS0 – 15.2
Apple / tvOS0 – 18.2
Apple / watchOS0 – 11.2

References

VENDOR_ADVISORYhttps://support.apple.com/en-us/121837
VENDOR_ADVISORYhttps://support.apple.com/en-us/121838
VENDOR_ADVISORYhttps://support.apple.com/en-us/121839
VENDOR_ADVISORYhttps://support.apple.com/en-us/121840
VENDOR_ADVISORYhttps://support.apple.com/en-us/121842
VENDOR_ADVISORYhttps://support.apple.com/en-us/121843
VENDOR_ADVISORYhttps://support.apple.com/en-us/121844