CVE-2024-54467

A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121238	Release Notes Vendor Advisory
https://support.apple.com/en-us/121240	Release Notes Vendor Advisory
https://support.apple.com/en-us/121241	Release Notes Vendor Advisory
https://support.apple.com/en-us/121248	Release Notes Vendor Advisory
https://support.apple.com/en-us/121249	Release Notes Vendor Advisory
https://support.apple.com/en-us/121250	Release Notes Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

03 Nov 2025, 20:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html -
References	~~() https://support.apple.com/en-us/121238 - Vendor Advisory, Release Notes~~	() https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121240 - Vendor Advisory, Release Notes~~	() https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121241 - Vendor Advisory, Release Notes~~	() https://support.apple.com/en-us/121241 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121248 - Vendor Advisory, Release Notes~~	() https://support.apple.com/en-us/121248 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121249 - Vendor Advisory, Release Notes~~	() https://support.apple.com/en-us/121249 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/121250 - Vendor Advisory, Release Notes~~	() https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory

Information

Published : 2025-03-10 19:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-54467

Mitre link : CVE-2024-54467

CVE.ORG link : CVE-2024-54467

JSON object : View

Products Affected

apple

watchos
ipados
iphone_os
safari
tvos
macos

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

6.5 /10