CVE-2024-54558: An app may be able to trick a user into granting access to photos from the user's photo library in Apple iOS and iPadOS
CVE-2024-54558 is a low-severity clickjacking vulnerability in Apple iOS and iPadOS that could allow a malicious app to trick a user into granting access to their photo library. The issue involves improper handling of out-of-process views, which has been addressed in iOS 18 and iPadOS 18. This vulnerability does not impact confidentiality beyond limited photo access, nor does it affect integrity or availability. No known exploits are reported in the wild. The vulnerability is fixed in the latest OS versions.
AI Analysis
Technical Summary
This vulnerability (CVE-2024-54558) involves a clickjacking flaw in Apple iOS and iPadOS where an app may deceive a user into granting photo library access by exploiting out-of-process view handling. Apple resolved this issue by improving the handling of these views in iOS 18 and iPadOS 18. The CVSS 3.1 base score is 2.8, reflecting low impact with local attack vector, low complexity, requiring user interaction and limited confidentiality impact. There are no known active exploits, and the vulnerability affects versions prior to iOS 18 and iPadOS 18.
Potential Impact
The impact is limited to potential unauthorized access to photos if a user is tricked into granting permission. There is no impact on system integrity or availability. The confidentiality impact is low, as only photo library access may be gained. No known exploitation in the wild has been reported.
Mitigation Recommendations
This vulnerability is fixed in iOS 18 and iPadOS 18. Users and administrators should update affected devices to these versions or later to remediate the issue. No additional mitigation is required beyond applying the official update.
CVE-2024-54558: An app may be able to trick a user into granting access to photos from the user's photo library in Apple iOS and iPadOS
Description
CVE-2024-54558 is a low-severity clickjacking vulnerability in Apple iOS and iPadOS that could allow a malicious app to trick a user into granting access to their photo library. The issue involves improper handling of out-of-process views, which has been addressed in iOS 18 and iPadOS 18. This vulnerability does not impact confidentiality beyond limited photo access, nor does it affect integrity or availability. No known exploits are reported in the wild. The vulnerability is fixed in the latest OS versions.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2024-54558) involves a clickjacking flaw in Apple iOS and iPadOS where an app may deceive a user into granting photo library access by exploiting out-of-process view handling. Apple resolved this issue by improving the handling of these views in iOS 18 and iPadOS 18. The CVSS 3.1 base score is 2.8, reflecting low impact with local attack vector, low complexity, requiring user interaction and limited confidentiality impact. There are no known active exploits, and the vulnerability affects versions prior to iOS 18 and iPadOS 18.
Potential Impact
The impact is limited to potential unauthorized access to photos if a user is tricked into granting permission. There is no impact on system integrity or availability. The confidentiality impact is low, as only photo library access may be gained. No known exploitation in the wild has been reported.
Mitigation Recommendations
This vulnerability is fixed in iOS 18 and iPadOS 18. Users and administrators should update affected devices to these versions or later to remediate the issue. No additional mitigation is required beyond applying the official update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-12-03T22:50:35.515Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ceb834e6bfc5ba1df6eed3
Added to database: 4/2/2026, 6:40:52 PM
Last enriched: 4/9/2026, 11:36:39 PM
Last updated: 5/20/2026, 7:18:22 AM
Views: 43
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.