CVE-2024-54512
Published: 27 January 2025
Summary
CVE-2024-54512 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Apple Ipados. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for access to system resources, directly addressing the incorrect authorization allowing a system binary to access and fingerprint user Apple Account information.
Employs least privilege to ensure system binaries only access necessary resources, preventing unauthorized exposure of Apple Account details for fingerprinting.
Restricts system binaries to least functionality by removing unnecessary capabilities like the relevant flags exploited for Apple Account fingerprinting.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of incorrect authorization in a system binary directly enables T1190 for initial access and facilitates T1589 by leaking account-specific details for identity fingerprinting/tracking.
NVD Description
The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could be used to fingerprint a user's Apple Account.
Deeper analysisAI
CVE-2024-54512 is a vulnerability in Apple operating systems where a system binary could be used to fingerprint a user's Apple Account. The affected components include iOS prior to version 18.2, iPadOS prior to version 18.2, and watchOS prior to version 11.2. This issue is associated with CWE-863 (Incorrect Authorization) and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating critical severity due to high impacts on confidentiality and integrity.
The vulnerability can be exploited remotely by any network attacker requiring no privileges or user interaction. Successful exploitation allows the attacker to fingerprint the victim's Apple Account, potentially enabling user tracking or identification across sessions and devices through leaked account-specific details obtainable via the system binary.
Apple's security advisories confirm the issue was addressed by removing the relevant flags, with fixes available in iOS 18.2, iPadOS 18.2, and watchOS 11.2. Additional details are provided in the release notes at https://support.apple.com/en-us/121837 and https://support.apple.com/en-us/121843.
Details
- CWE(s)