Logic Flaw in Apple Software Allows Unauthorized App Modifications
CVE-2024-54560

5.5MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS; TV OS; iOS And iPad OS; Watch OS
Vendor: CVE Published:; 10 March 2025

Summary

A flaw in several Apple operating systems allows a malicious application to potentially modify other installed applications without the necessary App Management permissions. This logic issue has been addressed in the latest updates for iOS, iPadOS, watchOS, tvOS, and macOS, reinforcing the integrity of app management and security.

Affected Version(s)

iOS and iPadOS < 18

macOS < 15

tvOS < 18

References

https://support.apple.com/en-us/121238

https://support.apple.com/en-us/121248

https://support.apple.com/en-us/121250

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Dec 3, 2024