CVE-2024-54492 – This vulnerability allows attackers in a privil... (How to Fix)

Q: What is the severity of CVE-2024-54492?

CVE-2024-54492 has a CVSS score of 5.9 (MEDIUM). This vulnerability allows attackers in a privileged network position (like on the same network) to intercept and modify network traffic due to unencrypted HTTP communication. It affects Apple devices running vulnerable versions of macOS, iOS, iPadOS, and visionOS. The issue enables man-in-the-middle attacks against network communications.

📋 TL;DR

This vulnerability allows attackers in a privileged network position (like on the same network) to intercept and modify network traffic due to unencrypted HTTP communication. It affects Apple devices running vulnerable versions of macOS, iOS, iPadOS, and visionOS. The issue enables man-in-the-middle attacks against network communications.

💻 Affected Systems

Products:

macOS
iOS
iPadOS
visionOS

Versions: Versions before macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2

Operating Systems: Apple macOS, Apple iOS, Apple iPadOS, Apple visionOS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects default configurations where HTTP is used instead of HTTPS for network communications.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Visionos by Apple

View all CVEs affecting Visionos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could intercept sensitive data (credentials, personal information), inject malicious content, or redirect users to phishing sites by manipulating unencrypted network traffic.

🟠

Likely Case

Data interception and modification of network communications, potentially exposing transmitted information or altering application behavior.

🟢

If Mitigated

Minimal impact if HTTPS is enforced and network segmentation prevents attackers from reaching privileged positions.

🌐 Internet-Facing: MEDIUM - Requires attacker to be in privileged network position, but internet-facing services could be targeted if network access is gained.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this if on same network segment.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires attacker to be in privileged network position (man-in-the-middle). No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2

Vendor Advisory: https://support.apple.com/en-us/121837

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Install the latest update for your device. 4. Restart device after installation completes.

🔧 Temporary Workarounds

Enforce HTTPS Only

all

Configure applications and services to use HTTPS exclusively and disable HTTP fallback.

Network Segmentation

all

Implement network segmentation to limit attacker access to privileged network positions.

🧯 If You Can't Patch

Use VPN for all network communications to encrypt traffic end-to-end
Avoid using affected devices on untrusted networks (public Wi-Fi, shared networks)

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About (iOS/iPadOS/visionOS) or Apple menu > About This Mac (macOS). Compare against patched versions.

Check Version:

sw_vers (macOS) or check Settings > General > About > Version (iOS/iPadOS/visionOS)

Verify Fix Applied:

Verify device is running macOS Sequoia 15.2 or later, iOS 18.2 or later, iPadOS 18.2 or later, iPadOS 17.7.3 or later, or visionOS 2.2 or later.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP traffic patterns
Failed HTTPS connections with HTTP fallback

Network Indicators:

Unencrypted HTTP traffic from Apple devices
Man-in-the-middle attack signatures in network monitoring

SIEM Query:

source="network_traffic" http_method=* AND (user_agent CONTAINS "Apple" OR device_type="Apple") AND NOT protocol="HTTPS"

📊 Metadata

CVE ID: CVE-2024-54492

CVSS v3 Score: 5.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Published: December 12, 2024

Last Updated: November 3, 2025

🔗 References

https://support.apple.com/en-us/121837 Vendor Advisory
https://support.apple.com/en-us/121838 Vendor Advisory
https://support.apple.com/en-us/121839 Vendor Advisory
https://support.apple.com/en-us/121845 Vendor Advisory
http://seclists.org/fulldisclosure/2024/Dec/12
http://seclists.org/fulldisclosure/2024/Dec/6
http://seclists.org/fulldisclosure/2024/Dec/7

📤 Share & Export

📄 Export Markdown 📋 Export JSON