Information Disclosure in Apple Products
CVE-2024-54550

4MEDIUM

Key Information:

Vendor
Apple
Status
Mac OS
iOS And iPad OS
Vendor
CVE Published:
27 January 2025

Summary

A vulnerability exists in Apple operating systems that may allow unauthorized access to sensitive information. Specifically, applications may be capable of viewing autocompleted contact information from Messages and Mail, potentially exposing this data through system logs. The issue has been mitigated with enhanced redaction measures in the latest software updates for macOS Sequoia, iOS, and iPadOS.

Affected Version(s)

iOS and iPadOS < 18.2

macOS < 15.2

References

https://support.apple.com/en-us/121839
https://support.apple.com/en-us/121837

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.