CVE-2024-54535

Published Jan 15, 2025

Last updated a month ago

CVSS medium 4.3

Overview

Description: A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-22
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-22

Hype score: Not currently trending

CVE-2024-54535 Path Handling Vulnerability Fixed in iOS and watchOS Updates https://t.co/JgFjbczR9M
@VulmonFeeds
16 Jan 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3",
            "versionEndExcluding": "18.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E",
            "versionEndExcluding": "18.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80",
            "versionEndExcluding": "2.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1",
            "versionEndExcluding": "11.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References