CVE-2024-54525
Published: 17 March 2025
Description
Adversaries may modify property list files (plist files) to enable other malicious activity, while also potentially evading and bypassing system defenses.
Security Summary
CVE-2024-54525 is a logic issue in file handling: restoring a maliciously crafted backup file can modify protected system files. The vulnerability affects Apple's iOS and iPadOS versions prior to 18.2, macOS Sequoia prior to 15.2, tvOS prior to 18.2, visionOS prior to 2.2, and watchOS prior to 11.2. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
An attacker can exploit this vulnerability over the network with low complexity and no required privileges by tricking a user into restoring a malicious backup file, which requires user interaction. Successful exploitation allows modification of protected system files, resulting in high impacts to confidentiality, integrity, and availability.
Apple's security advisories state that the issue was fixed with improved file handling in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2. Mitigation is to update to these patched versions, as outlined in the referenced support pages: https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, https://support.apple.com/en-us/121844, and https://support.apple.com/en-us/121845.
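To act on the version boundaries above, a device inventory can be triaged against the fixed releases. The following is an added example, not code from Apple or from this page; the CSV layout, host names and status labels are assumptions, and the classification follows only the "prior to" wording of the summary.

```python
import csv
import io

# First fixed release per platform, taken from the summary above.
FIXED = {
    "ios": (18, 2), "ipados": (18, 2), "macos": (15, 2),
    "tvos": (18, 2), "visionos": (2, 2), "watchos": (11, 2),
}

def parse_version(text):
    """Turn '18.1.1' into (18, 1, 1); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Classify one device against the fixed versions for CVE-2024-54525."""
    key = platform.strip().lower()
    if key not in FIXED:
        return "unknown-platform"
    try:
        ver = parse_version(version)
    except ValueError:
        return "unparseable"  # e.g. beta or build strings; needs a manual look
    # The summary names only macOS Sequoia (15.x); it says nothing about
    # earlier macOS majors, so report those separately instead of guessing.
    if key == "macos" and ver[0] < 15:
        return "not-covered"
    # Tuple comparison: (18, 1, 1) < (18, 2) <= (18, 2) < (18, 2, 1)
    return "patched" if ver >= FIXED[key] else "vulnerable"

def triage(csv_text):
    """Map host -> status for an inventory with host,platform,version columns."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: status(r["platform"], r["version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """host,platform,version
ipad-lab-03,iPadOS,18.1.1
iphone-ceo,iOS,18.2
mbp-dev-11,macOS,15.1
mbp-dev-12,macOS,14.7.2
watch-07,watchOS,11.2.1
atv-lobby,tvOS,18.2 beta
"""

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host:12} {result}")
```

Devices reported as `not-covered` or `unparseable` need to be checked against the Apple support pages directly, since this summary does not state their status.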
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables exploitation via a maliciously crafted backup file that requires user interaction to restore (T1204.002 Malicious File). Successful exploitation allows modification of protected system files, which directly facilitates plist modification for boot or logon autostart execution on affected Apple platforms (T1547.011).