Sandbox Escape Vulnerability in Apple Operating Systems
CVE-2024-54468

8.2HIGH

Key Information:

Vendor: Apple
Status: TV OS; Mac OS; Watch OS; iPad OS
Vendor: CVE Published:; 27 January 2025

Summary

A vulnerability exists that may allow an application to escape its designated sandbox, potentially leading to unauthorized access to system resources. This issue has been addressed through enhanced verification processes within the affected Apple operating systems, including macOS, iOS, tvOS, and watchOS. Users are encouraged to update to the latest versions to mitigate the risk.

Affected Version(s)

iOS and iPadOS < 18.2

iPadOS < 17.7

macOS < 15.2

References

https://support.apple.com/en-us/121844

https://support.apple.com/en-us/121839

https://support.apple.com/en-us/121842

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Dec 3, 2024