iOS Device Notification Content Exposure Flaw in Apple Products
CVE-2024-54485

2.4LOW

Key Information:

Vendor: Apple
Status: iPhone OS; iPad OS
Vendor: CVE Published:; 12 December 2024

What is CVE-2024-54485?

A vulnerability has been identified in Apple's iOS systems where an attacker with physical access to an iOS device could potentially view sensitive notification content displayed on the lock screen. This issue was mitigated through the addition of enhanced security logic in the system, specifically addressed in iPadOS versions 17.7.3, iOS 18.2, and iPadOS 18.2. It is crucial for users to update their devices to these versions to ensure protection against this type of exposure.

References

https://support.apple.com/en-us/121837

https://support.apple.com/en-us/121838

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024