CVE-2024-54530

9.1 CRITICAL

📋 TL;DR

This vulnerability allows password autofill to fill passwords even after authentication fails, potentially exposing credentials. It affects users of Apple's operating systems who use password autofill features. The issue could allow unauthorized access to password-protected accounts.

💻 Affected Systems

Products:
  • macOS
  • watchOS
  • visionOS
  • iOS
  • iPadOS
Versions: before macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2, iPadOS 18.2
Operating Systems: macOS, watchOS, visionOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with password autofill enabled (default setting).

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain unauthorized access to user accounts across multiple services by exploiting the autofill bug to bypass authentication checks.

🟠 Likely Case

Local attackers or malicious apps could extract stored passwords from the autofill cache without proper authentication.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated; without patching, disabling password autofill reduces risk.

🌐 Internet-Facing: LOW (primarily local/device-level vulnerability, not directly network exploitable)
🏢 Internal Only: MEDIUM (requires local access or malicious app installation)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious app installation; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2, iPadOS 18.2

Vendor Advisory: https://support.apple.com/en-us/121837

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update.
2. Download and install the latest update for your device.
3. Restart the device after installation completes.

🔧 Temporary Workarounds

Disable Password Autofill

Applies to: all

Temporarily disable password autofill to prevent credential exposure.

🧯 If You Can't Patch

  • Disable password autofill in system settings
  • Use third-party password managers instead of built-in autofill

🔍 How to Verify

Check if Vulnerable:

Check OS version in Settings > General > About > Software Version

Check Version:

sw_vers (macOS) or Settings > General > About (iOS/iPadOS/watchOS/visionOS)

Verify Fix Applied:

Verify that the OS version matches or exceeds the patched versions listed under Official Fix (Patch Version).
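As an added example (not part of this advisory), a POSIX shell check that compares an installed version against the minimum fixed versions listed under Official Fix and reports whether the device is still in the vulnerable range. It reads the running version with sw_vers only when that command exists (macOS); elsewhere it falls back to a constructed sample value so the script runs anywhere.

```shell
#!/bin/sh
# Added example for CVE-2024-54530: report "patched" or "vulnerable" for a
# given platform and dotted version string. Fixed versions are from the advisory.

FIXED_MACOS="15.2"
FIXED_IOS="18.2"
FIXED_IPADOS="18.2"
FIXED_WATCHOS="11.2"
FIXED_VISIONOS="2.2"

# version_ge A B: returns 0 when dotted version A >= B, comparing each
# component numerically (so 15.10 > 15.2); missing components count as 0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ -z "$x" ] && x=0
        [ -z "$y" ] && y=0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# check_status PLATFORM VERSION: prints "patched" or "vulnerable".
check_status() {
    case "$1" in
        macos)    fixed="$FIXED_MACOS" ;;
        ios)      fixed="$FIXED_IOS" ;;
        ipados)   fixed="$FIXED_IPADOS" ;;
        watchos)  fixed="$FIXED_WATCHOS" ;;
        visionos) fixed="$FIXED_VISIONOS" ;;
        *) echo "unknown platform: $1" >&2; return 2 ;;
    esac
    if version_ge "$2" "$fixed"; then echo patched; else echo vulnerable; fi
}

# On a Mac, read the live version with sw_vers as the advisory suggests;
# otherwise use a constructed sample value (not a real device reading).
if command -v sw_vers >/dev/null 2>&1; then
    current="$(sw_vers -productVersion)"
else
    current="15.1.1"
fi
echo "macOS $current: $(check_status macos "$current")"
```

For a fleet, feed the platform and version reported by your MDM inventory into check_status instead of the local sw_vers call.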

📡 Detection & Monitoring

Log Indicators:

  • Unusual autofill access attempts in system logs
  • Multiple failed authentication attempts followed by autofill events

Network Indicators:

  • Unusual authentication patterns to cloud services from affected devices

SIEM Query:

Search for events where device OS version is vulnerable AND autofill-related security events occur
