Cyber Resilience

CVE-2024-54512

Critical

Published: 27 January 2025

Published
27 January 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0021 43.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-54512 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Apple Ipados. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-54512 is a vulnerability in Apple operating systems where a system binary could be used to fingerprint a user's Apple Account. The affected components include iOS prior to version 18.2, iPadOS prior to version 18.2, and watchOS prior to version 11.2. This issue is associated with CWE-863 (Incorrect Authorization) and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high impacts on confidentiality and integrity.

The vulnerability can be exploited remotely by any network attacker requiring no privileges or user interaction. Successful exploitation allows the attacker to fingerprint the victim's Apple Account, potentially enabling user tracking or identification across sessions and devices through leaked account-specific details obtainable via the system binary.

Apple's security advisories confirm the issue was addressed by removing the relevant flags, with fixes available in iOS 18.2, iPadOS 18.2, and watchOS 11.2. Additional details are provided in the release notes at https://support.apple.com/en-us/121837 and https://support.apple.com/en-us/121843.

EU & UK References

Vulnerability details

The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could be used to fingerprint a user's Apple Account.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1589 Gather Victim Identity Information Reconnaissance
Adversaries may gather information about the victim's identity that can be used during targeting.
Why these techniques?

Remote unauthenticated exploitation of incorrect authorization in a system binary directly enables T1190 for initial access and facilitates T1589 by leaking account-specific details for identity fingerprinting/tracking.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-44136Same product: Apple Ipados
CVE-2025-24200Same product: Apple Ipados
CVE-2024-54530Same product: Apple Ipados
CVE-2026-28951Same product: Apple Ipados
CVE-2025-24221Same product: Apple Ipados
CVE-2024-40771Same product: Apple Ipados
CVE-2026-28858Same product: Apple Ipados
CVE-2025-31255Same product: Apple Ipados
CVE-2025-43359Same product: Apple Ipados
CVE-2025-43347Same product: Apple Ipados

Affected Assets

apple
ipados
≤ 18.2
apple
iphone os
≤ 18.2
apple
watchos
≤ 11.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for access to system resources, directly addressing the incorrect authorization allowing a system binary to access and fingerprint user Apple Account information.

prevent

Employs least privilege to ensure system binaries only access necessary resources, preventing unauthorized exposure of Apple Account details for fingerprinting.

prevent

Restricts system binaries to least functionality by removing unnecessary capabilities like the relevant flags exploited for Apple Account fingerprinting.

References