AI description
CVE-2024-54492 is a vulnerability affecting Apple devices using macOS Sequoia, iOS, iPadOS, and visionOS. It stems from the lack of HTTPS implementation when sending information over the network. An attacker with a privileged network position could exploit this vulnerability to alter network traffic, potentially compromising sensitive password information and gaining unauthorized access to user accounts. Apple has addressed this issue by implementing HTTPS encryption for data transmission in macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, and visionOS 2.2. Users are advised to update their devices to these versions to mitigate the risk.
- Description
- This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
21
Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a potential #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492). Why does this matter? Watch 🎬
@minacris_
19 May 2025
9057 Impressions
12 Retweets
113 Likes
39 Bookmarks
5 Replies
0 Quotes
CVE-2024-54492 This issue was addressed by using HTTPS when sending information ... https://t.co/iLdqzqCHh5 Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
12 Dec 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a potential #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492). Why does this matter? Watch 🎬 : http
@mysk_co
11 Dec 2024
71540 Impressions
70 Retweets
685 Likes
205 Bookmarks
19 Replies
8 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03B2CC01-9482-433A-A0D3-076683F4B012",
"versionEndExcluding": "17.7.3"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF72B8B5-0A02-4875-89EF-10D28FADB9CE",
"versionEndExcluding": "18.2",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02BF92BD-305C-46CA-8A77-C247AF8B1BC0",
"versionEndExcluding": "18.2"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3750AD63-B023-44CE-B44D-A90F98E3A8C0",
"versionEndExcluding": "15.2"
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16F83EAF-2879-4515-BC44-6AE5006D35EE",
"versionEndExcluding": "2.2"
}
],
"operator": "OR"
}
]
}
]