CVE-2024-54530
Published: 27 January 2025
Summary
CVE-2024-54530 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Apple Ipados. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials from Password Stores (T1555); ranked at the 38.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations and checks to prevent password autofill after failed authentication, directly addressing the incorrect authorization vulnerability.
Requires re-authentication before sensitive operations like password autofill to mitigate bypass after initial authentication failure.
Applies least privilege to limit autofill mechanisms' access to credentials without successful authentication.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability directly bypasses auth checks in password autofill, enabling unauthorized access to stored credentials (T1555) and specifically browser/web autofill stores (T1555.003).
NVD Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, watchOS 11.2. Password autofill may fill in passwords after failing authentication.
Deeper analysisAI
CVE-2024-54530 is a vulnerability in the password autofill feature on Apple devices, where passwords may be filled in even after authentication fails. The issue stems from insufficient checks, classified under CWE-863 (Incorrect Authorization), and affects iOS prior to 18.2, iPadOS prior to 18.2, macOS Sequoia prior to 15.2, visionOS prior to 2.2, and watchOS prior to 11.2. It has a CVSS v3.1 base score of 9.1, indicating critical severity due to high confidentiality and integrity impacts.
The vulnerability can be exploited remotely over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and without changing scope (S:U). An attacker could leverage this to bypass authentication mechanisms in password autofill, potentially disclosing sensitive credentials or enabling unauthorized access to autofill-saved passwords.
Apple addressed the issue through improved checks, as detailed in their security updates. The patches are available in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, visionOS 2.2, and watchOS 11.2. Relevant advisories are published at https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, and https://support.apple.com/en-us/121845.
Details
- CWE(s)