High severity · 8.2 · NVD Advisory · Published Jan 27, 2025 · Updated Apr 2, 2026

CVE-2024-54468

Description

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to break out of its sandbox.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A sandbox escape in Apple operating systems allows an app to break out of its container; fixed in iOS 18.2, iPadOS 18.2, and other updates.

Analysis

CVE-2024-54468 is a sandbox escape vulnerability affecting multiple Apple platforms: macOS, iOS, iPadOS, tvOS, and watchOS. Apple's advisory confirms that an app may be able to break out of its sandbox, meaning a malicious or compromised application could bypass the system's security restrictions.[1][2]

Root Cause and Impact

Apple addressed the root cause with improved checks but has not publicly detailed the specific logic flaw. The vulnerability could allow an attacker to escape the application sandbox, potentially gaining unintended access to system resources, user data, or other apps. The impact is rated high, with a CVSS v3 score of 8.2. Affected hardware spans a wide range, including iPhone XS and later, multiple iPad models, and various Macs running the affected operating systems.[2][3]

Mitigation

Apple has released patches for this vulnerability in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, and watchOS 11.2. Users are strongly advised to update their devices to the latest available software versions to protect against potential exploitation. The issue was responsibly disclosed through Apple's security program.[1][4]

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Apple Inc./Ipados (2 versions)
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* (range: >=17.0,<17.7.3)
    • (no CPE) (range: <18.2, <17.7.3)
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <18.2
  • Apple Inc./macOS (2 versions)
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* (range: <13.7.2)
    • (no CPE) (range: <15.2, <14.7.2, <13.7.2)
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <18.2
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    Range: <11.2
  • Apple Inc./iOS (llm-fuzzy)
    Range: <18.2

Patches

0

No patches discovered yet.

References

7
