CVE-2024-54564 is a vulnerability in Apple’s iOS and iPadOS platforms related to the handling of files received via AirDrop, Apple's peer-to-peer file sharing feature. Normally, files received from external sources are tagged with a quarantine flag, a security feature that triggers warnings or restrictions when the file is accessed, preventing inadvertent execution of potentially malicious content. Due to improper state management, files received through AirDrop may not have this quarantine flag applied, effectively bypassing this security control. This flaw affects all versions prior to iOS 17.6 and iPadOS 17.6, as well as macOS Sonoma 14.6 and visionOS 1.3. The vulnerability is classified under CWE-276 (Incorrect Default Permissions), indicating a failure to apply appropriate security attributes to received files. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact primarily concerns confidentiality and availability, as the lack of quarantine could allow malicious files to be opened without warning, potentially leading to further compromise. Apple resolved the issue by improving the state management logic that governs quarantine flag application. No known exploits have been reported in the wild, but the vulnerability presents a risk especially in environments where AirDrop is used frequently to share files.

The vulnerability could allow attackers to deliver files via AirDrop that bypass the quarantine flag, increasing the risk that malicious files are opened without user warnings or restrictions. This could lead to inadvertent execution of malware or unauthorized data access, impacting confidentiality and availability. While the vulnerability does not directly allow code execution or privilege escalation, it lowers the security posture by removing a key protective mechanism. Organizations relying on Apple devices, especially those with frequent AirDrop usage, may face increased risk of malware introduction or data leakage. The lack of user interaction requirement and no need for privileges make exploitation easier in scenarios where attackers can physically or logically be near target devices. However, the absence of known exploits in the wild suggests limited active exploitation currently. The vulnerability is particularly relevant for sectors with sensitive data or high security requirements, such as government, finance, healthcare, and education.

1. Update all affected Apple devices to iOS 17.6, iPadOS 17.6, macOS Sonoma 14.6, or visionOS 1.3 as soon as possible to ensure the vulnerability is patched. 2. Restrict or disable AirDrop usage in sensitive environments or on devices handling critical data to reduce exposure. 3. Educate users about the risks of accepting files from unknown or untrusted sources via AirDrop. 4. Implement endpoint security solutions that scan files received via AirDrop for malware, even if quarantine flags are missing. 5. Use Mobile Device Management (MDM) tools to enforce security policies limiting AirDrop functionality or controlling file sharing permissions. 6. Monitor network and device logs for unusual AirDrop activity or unexpected file transfers. 7. Encourage users to verify the origin of files received and avoid opening files without confirmation, especially if received unexpectedly.