CVE-2024-54542

An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121837	Release Notes Vendor Advisory
https://support.apple.com/en-us/121839	Release Notes Vendor Advisory
https://support.apple.com/en-us/121843	Release Notes Vendor Advisory
https://support.apple.com/en-us/121846	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

24 Mar 2025, 14:53

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/121837 -~~	() https://support.apple.com/en-us/121837 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121839 -~~	() https://support.apple.com/en-us/121839 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121843 -~~	() https://support.apple.com/en-us/121843 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121846 -~~	() https://support.apple.com/en-us/121846 - Release Notes, Vendor Advisory
CPE		cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:ipados::::::::
First Time		Apple safari Apple iphone Os Apple Apple macos Apple watchos Apple ipados

17 Mar 2025, 17:15

Type	Values Removed	Values Added
CWE		CWE-862
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1

18 Feb 2025, 20:15

Type	Values Removed	Values Added
CWE	~~CWE-863~~
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : unknown

28 Jan 2025, 15:15

Type	Values Removed	Values Added
CWE		CWE-863
Summary		(es) Se solucionó un problema de autenticación con con una mejor gestión del estado. Este problema se solucionó en Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 y iPadOS 18.2. Se puede acceder a las pestañas de Navegación privada sin autenticación.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

27 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 22:15

Updated : 2025-03-24 14:53

NVD link : CVE-2024-54542

Mitre link : CVE-2024-54542

CVE.ORG link : CVE-2024-54542

JSON object : View

Products Affected

apple

ipados
macos
safari
iphone_os
watchos

CWE

CWE-862

Missing Authorization

9.1 /10