CVE-2024-54512
CVE-2024-54512
9.1
CriticalPublished:
Last updated:
Source:product-security@apple.com
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- None
Description
The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could be used to fingerprint a user's Apple Account.
References
product-security@apple.com
https://support.apple.com/en-us/121837product-security@apple.com
https://support.apple.com/en-us/121843