CVE-2024-54550: An app may be able to view autocompleted contact information from Messages and Mail in system logs in Apple iOS and iPadOS
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.
AI Analysis
Technical Summary
This vulnerability allows an app on Apple iOS and iPadOS to view autocompleted contact information from Messages and Mail by accessing system logs that did not sufficiently redact sensitive data. The issue is classified under CWE-200 (Exposure of Sensitive Information). Apple fixed the issue by enhancing redaction mechanisms in system logs, with the patch released in iOS 18.2 and iPadOS 18.2. The CVSS 3.1 base score is 4.0, reflecting low complexity and local attack vector with limited confidentiality impact. No integrity or availability impacts are reported. No known exploits have been observed in the wild.
Potential Impact
An attacker with local access to the device could potentially read autocompleted contact information from system logs, leading to limited exposure of sensitive contact data. There is no impact on data integrity or system availability. The confidentiality impact is low, as only autocompleted contact information is exposed, and exploitation requires local access without user interaction.
Mitigation Recommendations
This vulnerability is fixed in iOS 18.2 and iPadOS 18.2. Users and administrators should update affected devices to these versions or later to remediate the issue. No additional mitigation steps are required beyond applying the official update.
CVE-2024-54550: An app may be able to view autocompleted contact information from Messages and Mail in system logs in Apple iOS and iPadOS
Description
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.
CVSS v3.1
Score 4.0medium
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability allows an app on Apple iOS and iPadOS to view autocompleted contact information from Messages and Mail by accessing system logs that did not sufficiently redact sensitive data. The issue is classified under CWE-200 (Exposure of Sensitive Information). Apple fixed the issue by enhancing redaction mechanisms in system logs, with the patch released in iOS 18.2 and iPadOS 18.2. The CVSS 3.1 base score is 4.0, reflecting low complexity and local attack vector with limited confidentiality impact. No integrity or availability impacts are reported. No known exploits have been observed in the wild.
Potential Impact
An attacker with local access to the device could potentially read autocompleted contact information from system logs, leading to limited exposure of sensitive contact data. There is no impact on data integrity or system availability. The confidentiality impact is low, as only autocompleted contact information is exposed, and exploitation requires local access without user interaction.
Mitigation Recommendations
This vulnerability is fixed in iOS 18.2 and iPadOS 18.2. Users and administrators should update affected devices to these versions or later to remediate the issue. No additional mitigation steps are required beyond applying the official update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-12-03T22:50:35.513Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ceb834e6bfc5ba1df6eec7
Added to database: 04/02/2026, 18:40:52 UTC
Last enriched: 06/02/2026, 19:57:17 UTC
Last updated: 07/04/2026, 08:51:18 UTC
Views: 71
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.