CVE-2024-54542
CVE-2024-54542
9.1
CriticalPublished:
Last updated:
Source:product-security@apple.com
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- None
- Availability
- High
Description
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication.
References
product-security@apple.com
https://support.apple.com/en-us/121837product-security@apple.com
https://support.apple.com/en-us/121839product-security@apple.com
https://support.apple.com/en-us/121843product-security@apple.com
https://support.apple.com/en-us/121846