Fingerprinting Vulnerability in Apple Devices
CVE-2024-54512

9.1CRITICAL

Key Information:

Vendor: Apple
Status: Watch OS; iOS And iPad OS
Vendor: CVE Published:; 27 January 2025

Summary

A vulnerability in Apple systems allowed a malicious actor to potentially fingerprint users via a system binary, jeopardizing the privacy of Apple Account information. This issue has since been rectified in watchOS 11.2, iOS 18.2, and iPadOS 18.2, effectively removing the relevant flags that contributed to this risk. Users are encouraged to update their devices to safeguard their personal data.

Affected Version(s)

iOS and iPadOS < 18.2

watchOS < 11.2

References

https://support.apple.com/en-us/121843

https://support.apple.com/en-us/121837

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Dec 3, 2024