Analysis Summary

CVE-2024-54484 CVSS:5.5

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.

CVE-2024-54485 CVSS:5.5

The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.

CVE-2024-54486 CVSS:6.5

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory.

CVE-2024-54489 CVSS:7.8

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code.

CVE-2024-54490 CVSS:5.5

This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items.

CVE-2024-54491 CVSS:5.5

The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.

Impact

• Gain Access
• Code Execution

Indicators of Compromise

CVE

• CVE-2024-54484
• CVE-2024-54485
• CVE-2024-54486
• CVE-2024-54489
• CVE-2024-54490
• CVE-2024-54491

Affected Vendors

Affected Products

• Apple iPadOS 17.7.3
• Apple macOS Ventura 13.7.2
• Apple macOS Sonoma 14.7.2
• Apple watchOS 11.2
• Apple tvOS 18.2
• Apple macOS Sequoia 15.2
• Apple iOS 18.2 and iPadOS 18.2
• Apple visionOS 2.2

Remediation

Refer to Apple Security Document for patch, upgrade, and suggested workaround information.

CVE-2024-54484

CVE-2024-54485

CVE-2024-54486

CVE-2024-54489

CVE-2024-54490

CVE-2024-54491