Logic Flaw in Apple Software Allows Unauthorized App Modifications
CVE-2024-54560

5.5MEDIUM

Key Information:

Vendor
Apple
Vendor
CVE Published:
10 March 2025

Summary

A flaw in several Apple operating systems allows a malicious application to potentially modify other installed applications without the necessary App Management permissions. This logic issue has been addressed in the latest updates for iOS, iPadOS, watchOS, tvOS, and macOS, reinforcing the integrity of app management and security.

Affected Version(s)

iOS and iPadOS < 18

macOS < 15

tvOS < 18

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.