CVE-2024-54468

CVE-2024-54468 is a sandbox escape vulnerability affecting multiple Apple operating systems, including iOS prior to version 18.2, iPadOS prior to 18.2 or 17.7.3, macOS Sequoia prior to 15.2, macOS Sonoma prior to 14.7.2, macOS Ventura prior to 13.7.2, tvOS prior to 18.2, and watchOS prior to 11.2. The flaw enables an app to break out of its designated sandbox boundaries, and it was addressed by Apple through improved checks. The vulnerability carries a CVSS v3.1 base score of 8.2 (High), with vector AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N.

Exploitation requires local access to the device, low attack complexity, and user interaction, such as executing a malicious app, with no prior privileges needed. An attacker could leverage this to escape the app's sandbox, achieving high impacts on confidentiality and integrity across a changed scope, potentially allowing unauthorized access to sensitive data or modification of protected resources.

Apple's security advisories, detailed in support documents such as https://support.apple.com/en-us/121837 and related pages, confirm the issue is fixed in the specified versions of iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, and watchOS 11.2. Mitigation requires applying these updates promptly to prevent exploitation.