CVE-2024-54560

5.5 MEDIUM

📋 TL;DR

This vulnerability allows a malicious app to modify other applications without having App Management permission on Apple devices. It affects iOS, iPadOS, watchOS, tvOS, and macOS systems running versions earlier than the fixed releases. The issue stems from a logic flaw that was addressed with improved permission checks.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • watchOS
  • tvOS
  • macOS
Versions: All versions before iOS 18, iPadOS 18, watchOS 11, tvOS 18, and macOS Sequoia 15
Operating Systems: iOS, iPadOS, watchOS, tvOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. The vulnerability requires a malicious app to be installed on the device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious app could modify legitimate applications to inject malicious code, steal sensitive data, or create persistent backdoors without user knowledge.

🟠 Likely Case

Malicious apps could tamper with other apps' data or configurations, potentially leading to data corruption, privacy violations, or unauthorized functionality changes.

🟢 If Mitigated

With proper app vetting and security controls, the risk is limited to untrusted apps that manage to bypass app store review processes.

🌐 Internet-Facing: LOW - This requires local app installation and execution, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Risk exists if users install untrusted apps from outside official app stores or enterprise app distribution channels.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target device. The app must bypass app store review or come from untrusted sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 18, iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15

Vendor Advisory: https://support.apple.com/en-us/121238

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Go to General > Software Update.
3. Download and install the latest available update.
4. Restart device when prompted.

🔧 Temporary Workarounds

Restrict App Installation Sources (all platforms)

Configure devices to only allow app installation from trusted sources like the official App Store or enterprise app distribution.

Mobile Device Management (MDM) Restrictions (all platforms)

Use MDM policies to restrict app installation and enforce app allowlisting.

🧯 If You Can't Patch

  • Implement strict app vetting processes and only allow installation from trusted sources
  • Use application allowlisting to prevent unauthorized apps from running

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > General > About > Software Version. If version is below iOS 18, iPadOS 18, watchOS 11, tvOS 18, or macOS Sequoia 15, the device is vulnerable.

Check Version:

iOS/iPadOS: Settings > General > About > Software Version. macOS: Apple menu > About This Mac > macOS version.

Verify Fix Applied:

Verify device is running iOS 18, iPadOS 18, watchOS 11, tvOS 18, or macOS Sequoia 15 or later.
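
The version check above, applied to a whole fleet instead of one device at a time. This is an added example, not part of the original advisory: the CSV column names and device names are constructed, and only the fixed-version thresholds come from this page.

```python
"""Triage a device inventory against the fixed releases listed on this page."""
import csv
import io

# First fixed major version per platform, from the "Patch Version" line above.
FIXED_MAJOR = {"ios": 18, "ipados": 18, "watchos": 11, "tvos": 18, "macos": 15}

# Constructed sample export; the columns are an assumption, not any MDM vendor's format.
SAMPLE_INVENTORY = """device,platform,os_version
mac-build-01,macOS,14.7.1
mac-design-02,macOS,15.0
iphone-sales-03,iOS,17.6.1
ipad-kiosk-04,iPadOS,18.0.1
watch-exec-05,watchOS,10.6
atv-lobby-06,tvOS,18
linux-ci-07,Linux,6.8
iphone-lab-08,iOS,
"""


def major_version(text):
    """Return the leading integer of a dotted version string, or None if unparsable."""
    head = text.strip().split(".", 1)[0]
    return int(head) if head.isdecimal() else None


def classify(platform, os_version):
    """Return 'patched', 'vulnerable', 'unknown' or 'not-applicable' for one device."""
    fixed = FIXED_MAJOR.get(platform.strip().lower())
    if fixed is None:
        return "not-applicable"  # platform is not in the affected list
    major = major_version(os_version)
    if major is None:
        return "unknown"  # missing or malformed version: check the device by hand
    return "patched" if major >= fixed else "vulnerable"


def triage(inventory_csv):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device"]: classify(r["platform"], r["os_version"] or "") for r in rows}


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device:18} {status}")
```

Devices reported as "unknown" have no usable version in the inventory and should be checked manually rather than assumed patched.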

📡 Detection & Monitoring

Log Indicators:

  • Unexpected app modification events
  • App permission escalation attempts
  • App integrity violations

Network Indicators:

  • Unusual app update traffic from non-App Store sources

SIEM Query:

source="apple_device_logs" AND (event_type="app_modification" OR permission="AppManagement") AND result="success"
