A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/121563 | Vendor Advisory |
| https://support.apple.com/en-us/121565 | Vendor Advisory |
| https://support.apple.com/en-us/121566 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Jan 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (es) Se solucionó un problema de gestión de rutas con una lógica mejorada. Este problema se solucionó en watchOS 11.1, visionOS 2.1, iOS 18.1 y iPadOS 18.1. Un atacante con acceso a los datos del calendario también podría leer los recordatorios. |
16 Jan 2025, 20:36
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| References | () https://support.apple.com/en-us/121563 - Vendor Advisory | |
| References | () https://support.apple.com/en-us/121565 - Vendor Advisory | |
| References | () https://support.apple.com/en-us/121566 - Vendor Advisory | |
| CPE | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
|
| First Time |
Apple iphone Os
Apple visionos Apple ipados Apple Apple watchos |
|
| CWE | CWE-22 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
15 Jan 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-01-15 20:15
Updated : 2025-01-23 22:15
NVD link : CVE-2024-54535
Mitre link : CVE-2024-54535
CVE.ORG link : CVE-2024-54535
JSON object : View
Products Affected
apple
- ipados
- iphone_os
- watchos
- visionos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')