CVE-2024-54560: A malicious app may be able to modify other apps without having App Management permission in Apple iOS and iPadOS
CVE-2024-54560 is a logic vulnerability in Apple iOS and iPadOS that could allow a malicious app to modify other apps without requiring the App Management permission. This issue was addressed by Apple with improved checks and is fixed in iOS 18, iPadOS 18, macOS Sequoia 15, tvOS 18, and watchOS 11. The vulnerability has a medium severity rating with a CVSS score of 5. 5. No known exploits are reported in the wild. The vulnerability affects versions prior to the fixed releases.
AI Analysis
Technical Summary
This vulnerability arises from a logic flaw in Apple’s mobile operating systems where an app lacking the App Management permission might still modify other installed apps. Apple resolved this by implementing improved permission checks in the latest OS versions (iOS 18 and iPadOS 18). The CVSS vector indicates the attack requires local access with low complexity, no privileges, and user interaction, impacting integrity but not confidentiality or availability.
Potential Impact
A malicious app running on affected versions of iOS or iPadOS could alter other apps without proper authorization, potentially compromising app integrity. This does not affect confidentiality or availability. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Apple has released official fixes in iOS 18, iPadOS 18, and related OS versions. Users and administrators should update to these versions to remediate the vulnerability. Patch status is confirmed by the vendor advisory indicating the issue is fixed in these releases.
CVE-2024-54560: A malicious app may be able to modify other apps without having App Management permission in Apple iOS and iPadOS
Description
CVE-2024-54560 is a logic vulnerability in Apple iOS and iPadOS that could allow a malicious app to modify other apps without requiring the App Management permission. This issue was addressed by Apple with improved checks and is fixed in iOS 18, iPadOS 18, macOS Sequoia 15, tvOS 18, and watchOS 11. The vulnerability has a medium severity rating with a CVSS score of 5. 5. No known exploits are reported in the wild. The vulnerability affects versions prior to the fixed releases.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from a logic flaw in Apple’s mobile operating systems where an app lacking the App Management permission might still modify other installed apps. Apple resolved this by implementing improved permission checks in the latest OS versions (iOS 18 and iPadOS 18). The CVSS vector indicates the attack requires local access with low complexity, no privileges, and user interaction, impacting integrity but not confidentiality or availability.
Potential Impact
A malicious app running on affected versions of iOS or iPadOS could alter other apps without proper authorization, potentially compromising app integrity. This does not affect confidentiality or availability. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Apple has released official fixes in iOS 18, iPadOS 18, and related OS versions. Users and administrators should update to these versions to remediate the vulnerability. Patch status is confirmed by the vendor advisory indicating the issue is fixed in these releases.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2024-12-03T22:50:35.515Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ceb836e6bfc5ba1df6ef32
Added to database: 4/2/2026, 6:40:54 PM
Last enriched: 4/9/2026, 11:36:49 PM
Last updated: 5/20/2026, 9:58:06 PM
Views: 52
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.