April 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple WordPress Plugins Vulnerabilities
March 31, 2025Threat Actors Conceal Malware in WordPress Sites for Remote Code Execution
March 31, 2025Multiple WordPress Plugins Vulnerabilities
March 31, 2025Threat Actors Conceal Malware in WordPress Sites for Remote Code Execution
March 31, 2025
Severity
Medium
Analysis Summary
CVE-2024-54463 CVSS:5.5
This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent.
CVE-2024-54560 CVSS:5
Apple watchOS, tvOS, macOS, iOS and iPadOS could allow a local authenticated attacker to modify other apps without having App Management permission, caused by a logic issue in the LaunchServices component.
Impact
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
CVE-2024-54463
CVE-2024-54560
Affected Vendors
- Apple
Affected Products
- Apple macOS Sequoia - 14
- Apple macOS Sonoma - 14.0
- Apple tvOS - 17
- Apple iOS and iPadOS - 17
- Apple watchOS - 10
Remediation
Upgrade to the latest version, available from the Apple security document.