CVE-2024-54492

Published Dec 12, 2024

Last updated 2 months ago

CVSS medium 5.9

Overview

Description
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.
Source
product-security@apple.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
5.9
Impact score
3.6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. CVE-2024-54492 This issue was addressed by using HTTPS when sending information ... https://t.co/iLdqzqCHh5 Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    12 Dec 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a potential #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492). Why does this matter? Watch 🎬 : http

    @mysk_co

    11 Dec 2024

    71540 Impressions

    70 Retweets

    685 Likes

    205 Bookmarks

    19 Replies

    8 Quotes

Configurations

References