Clickjacking Vulnerability in Apple iOS and macOS Products
CVE-2024-54558

2.8 LOW

Key Information:

Vendor: Apple
CVE Published: 10 March 2025

Summary

A clickjacking vulnerability has been identified that allows malicious applications to manipulate user interaction. By leveraging this flaw, an app may deceive users into unwittingly granting access to their photo library data. Enhanced safeguards have been incorporated in iOS 18, iPadOS 18, and macOS Sequoia 15 to mitigate such risks, ensuring a more secure user experience. Users are encouraged to update their devices to the latest versions to benefit from these improvements.

Affected Version(s)

iOS and iPadOS < 18

macOS < 15

CVSS V3.1

Score: 2.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
