

Severity
Medium
Analysis Summary
CVE-2024-54484 CVSS:5.5
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.
CVE-2024-54485 CVSS:5.5
The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-54486 CVSS:6.5
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.
CVE-2024-54489 CVSS:7.8
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code.
CVE-2024-54490 CVSS:5.5
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items.
CVE-2024-54491 CVSS:5.5
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.
Impact
- Gain Access
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-54484
- CVE-2024-54485
- CVE-2024-54486
- CVE-2024-54489
- CVE-2024-54490
- CVE-2024-54491
Affected Vendors
- Apple
Affected Products
- Apple iPadOS 17.7.3
- Apple macOS Ventura 13.7.2
- Apple macOS Sonoma 14.7.2
- Apple watchOS 11.2
- Apple tvOS 18.2
- Apple macOS Sequoia 15.2
- Apple iOS 18.2 and iPadOS 18.2
- Apple visionOS 2.2
Remediation
Refer to the Apple Security Document for patch, upgrade, and suggested workaround information.