VYPR
Medium severity (4.6) · NVD Advisory · Published Jan 15, 2025 · Updated Apr 2, 2026

CVE-2024-54470

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contacts from the lock screen.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logic issue in iOS and iPadOS allows an attacker with physical access to view contacts from the lock screen, addressed in iOS 17.7.1, 18.1, and corresponding iPadOS versions.

CVE-2024-54470 is a logic issue in the lock screen of iOS and iPadOS that could allow an attacker with physical access to a locked device to access contacts. The flaw was present in versions prior to iOS 17.7.1 and iOS 18.1, as well as corresponding iPadOS versions. Apple addressed the issue with improved checks and authentication [1][2].

Exploitation requires physical access to a locked device. The attacker does not need to unlock the device; they can bypass lock screen restrictions to view contact information. No authentication is needed beyond physical possession. The attack surface is limited to devices running vulnerable iOS/iPadOS versions [1][2].

An attacker could gain access to sensitive contact data, including names, phone numbers, and email addresses, without unlocking the device. This could lead to privacy breaches or further social engineering attacks. The vulnerability is rated Medium with a CVSS v3 score of 4.6 [1][2].

Apple released patches in iOS 17.7.1 and iOS 18.1 on October 28, 2024. Users should update their devices to these or later versions. There is no mention of a workaround; updating is the recommended mitigation [1][2].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Apple Inc./Ipados (3 versions)
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* (range: <17.7.1)
    • cpe:2.3:o:apple:ipados:18.0:*:*:*:*:*:*:*
    • (no CPE) (range: = 17.7.1, = 18.1)
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <=17.7.1)
    • cpe:2.3:o:apple:iphone_os:18.0:*:*:*:*:*:*:*
  • Apple Inc./iOS (llm-fuzzy)
    Range: = 17.7.1, = 18.1

Patches

0

No patches discovered yet.

References

2
