SB2024121206 - Multiple vulnerabilities in Apple iPadOS 17
Published: December 12, 2024 Updated: April 30, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Cleartext transmission of sensitive information (CVE-ID: CVE-2024-54492)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in Passwords due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
2) Type Confusion (CVE-ID: CVE-2024-54505)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim into opening a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Input validation error (CVE-ID: CVE-2024-54479)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim into opening a specially crafted website and perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2024-54501)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in SceneKit. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
5) Information disclosure (CVE-ID: CVE-2024-44246)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in Safari on a device with Private Relay enabled. When adding a website to the Safari Reading List may reveal the originating IP address to the website.
6) Input validation error (CVE-ID: CVE-2024-44225)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of untrusted input in libxpc. A local application can escalate privileges on the system.
7) Out-of-bounds read (CVE-ID: CVE-2024-54486)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in FontParser. A remote attacker can trick the victim into opening a specially crafted file, trigger an out-of-bounds read error and read contents of memory on the system.
8) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2024-45490)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.
9) Buffer overflow (CVE-ID: CVE-2024-44201)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in libarchive. A remote attacker can trick the victim into opening a specially crafted archive, trigger memory corruption and perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2024-44245)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
11) Race condition (CVE-ID: CVE-2024-54510)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a race condition within the OS kernel. A local application can gain access to parts of kernel memory.
12) Race condition (CVE-ID: CVE-2024-54494)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the OS kernel. A local user can create a read-only memory mapping that can be written to.
13) Out-of-bounds read (CVE-ID: CVE-2024-54500)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can trick the victim into opening a specially crafted image file, trigger an out-of-bounds read error and read contents of memory on the system.
14) Information disclosure (CVE-ID: CVE-2024-54485)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to a logic issue in VoiceOver. An attacker with physical access to device can view notification content from the lock screen.
15) Missing Authorization (CVE-ID: CVE-2024-54488)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a logic error in Accounts feature. A local application can view Photos in the Hidden Photos Album without authorization.
16) Protection mechanism failure (CVE-ID: CVE-2024-54468)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures within the OS kernel. A local application can break out of its sandbox.
17) Insufficient verification of data authenticity (CVE-ID: CVE-2025-24091)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient verification of data authenticity in Libnotify. A local application can impersonate system notifications, leading to a denial of service condition.
Remediation
Install update from vendor's website.