CVE-2024-54556

2.4 LOW

📋 TL;DR

This vulnerability allows a user to view restricted content from the lock screen on Apple iOS and iPadOS devices because of improper state management. It affects devices running iOS/iPadOS versions before 18.1. The issue enables unauthorized access to content that should remain protected while the device is locked.

💻 Affected Systems

Products:
  • iPhone
  • iPad
Versions: iOS/iPadOS versions before 18.1
Operating Systems: iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with lock screen enabled. The specific vulnerable versions are not explicitly listed in the advisory, but all versions before 18.1 should be considered vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with physical access to a locked device could view sensitive personal or organizational data that should be protected by lock screen security.

🟠 Likely Case

Someone with brief physical access to a device (a colleague or family member) could view notifications, messages, or app content that appears on the lock screen.

🟢 If Mitigated

With a device passcode set and attention to physical security, the impact is limited to viewing only content that appears on the lock screen interface.

🌐 Internet-Facing: LOW - This is a local physical access vulnerability, not remotely exploitable.
🏢 Internal Only: MEDIUM - Requires physical access to the device, but could be exploited by insiders or visitors with brief access to unattended devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access to the device but no authentication. The exact method is not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 18.1, iPadOS 18.1

Vendor Advisory: https://support.apple.com/en-us/121563

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install the iOS/iPadOS 18.1 update.
5. The device will restart automatically.

🔧 Temporary Workarounds

Disable Lock Screen Notifications (applies to: all)

Prevent sensitive content from appearing on the lock screen by disabling notifications.

Enable Stronger Lock Screen Settings (applies to: all)

Configure the device to hide notification content on the lock screen.

🧯 If You Can't Patch

  • Implement strict physical security controls for mobile devices
  • Configure devices to hide sensitive notification content on lock screen

🔍 How to Verify

Check if Vulnerable:

Check the iOS/iPadOS version in Settings > General > About > Software Version. If the version is earlier than 18.1, the device is vulnerable.

Check Version:

Not applicable - check via the device Settings interface.

Verify Fix Applied:

Verify that the iOS/iPadOS version is 18.1 or later in Settings > General > About > Software Version.

📡 Detection & Monitoring

Log Indicators:

  • No specific log indicators for this vulnerability

Network Indicators:

  • No network indicators - local physical access required

SIEM Query:

Not applicable for this local physical access vulnerability.
