CVE-2024-54558

March 11, 2025, 3:15 a.m.

7.5
High

Description

A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.

Product(s) Impacted

Product Versions
macOS Sequoia
  • 15
iOS
  • 18
iPadOS
  • 18

Weaknesses

CWE-451
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References

https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121250

Tags

product-security@apple.com
CWE-451
2025-03-10
CVE-2024-54558

CVSS Score

7.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Date

  • Published: March 10, 2025, 7:15 p.m.
  • Last Modified: March 11, 2025, 3:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.