← Back

CVE-2024-54488

nvd nist
Published: Jan 27, 2025Modified: Apr 2, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Photos in the Hidden Photos Album may be viewed without authentication.

Affected (6)

Apple
3 products
Ipados
Iphone Os
Macos
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Ipados
Before 17.7.3
Ipados
From 18.0 to 18.2
Iphone Os
Before 18.2
Apple
Macos
Before 13.7.2
Macos
From 14.0 to 14.7.2
Macos
From 15.0 to 15.2

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (5)

Source: product-security@apple.com
Release Notes
Source: product-security@apple.com
Release Notes
Source: product-security@apple.com
Release Notes
Source: product-security@apple.com
Release Notes
Source: product-security@apple.com
Release Notes

Timeline

No history available yet.