VDB
CVE-2024-54486
CVE-2024-54486
PUBLISHED
CVSS 8.699999809265137 HIGH
Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen.
EPSS 0.29% · 52.3th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.29%
52.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Apple macOS <14.7.2 | |
| Apple | Apple macOS <13.7.2 | |
| Apple | Apple iPadOS <17.7.3 | |
| Apple | Apple iOS <18.2 | |
| Apple | Apple macOS <15.2 | |
| Apple | Apple iPadOS <18.2 |
Exploit Intelligence
- https://cybersecuritynews.com/macos-sandbox-vulnerability-cve-2024-54498-poc-exploit-released/ (certbund)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
…and 33 more exploits
Timeline
- Dec 11, 2024 CVE Published
- Dec 12, 2024 EPSS Score
- Dec 27, 2024 Coalition ESS Score
- Dec 29, 2024 EPSS Score
- Jan 14, 2025 EPSS Score
- Jan 31, 2025 EPSS Score
- Feb 17, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 8, 2025 Coalition ESS Score
- Mar 22, 2025 EPSS Score
- Apr 1, 2025 Coalition ESS Score
- Apr 2, 2025 Coalition ESS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3692.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3692 advisory
- https://lists.apple.com/archives/security-announce/2024/Dec/msg00002.html advisory
- https://lists.apple.com/archives/security-announce/2024/Dec/msg00003.html advisory
- https://lists.apple.com/archives/security-announce/2024/Dec/msg00004.html advisory
- https://jhftss.github.io/CVE-2024-54527-MediaLibraryService-Full-TCC-Bypass/ advisory
- https://cybersecuritynews.com/macos-sandbox-vulnerability-cve-2024-54498-poc-exploit-released/ exploit
- https://github.com/koreacsl/SysBumps advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3691.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3691 advisory
- https://lists.apple.com/archives/security-announce/2024/Dec/msg00000.html advisory
- https://lists.apple.com/archives/security-announce/2024/Dec/msg00001.html advisory