VYPR
← All advisories
Medium severity5.9NVD Advisory· Published Dec 12, 2024· Updated Apr 2, 2026

CVE-2024-54492

CVE-2024-54492

Description

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An attacker in a privileged network position may alter network traffic due to unencrypted HTTP, fixed by enforcing HTTPS in Apple OS updates.

Vulnerability

Overview The vulnerability arises from the use of unencrypted HTTP instead of HTTPS for network communication. This allows an attacker in a privileged network position to modify network traffic [1][2][3][4].

Exploitation

An attacker must be in a privileged network position, such as on the same local network or capable of performing a man-in-the-middle attack, to intercept and alter the traffic [1].

Impact

Successful exploitation could allow the attacker to alter network traffic, potentially leading to data tampering or the injection of malicious content [1][2].

Mitigation

Apple has addressed this issue by switching to HTTPS in the following updates: iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, and visionOS 2.2 [1][2][3][4]. Users are advised to update their devices.

References
  1. About the security content of macOS Sequoia 15.2 - Apple Support
  2. About the security content of iOS18.2 and iPadOS18.2 - Apple Support
  3. About the security content of visionOS2.2 - Apple Support
  4. About the security content of iPadOS17.7.3 - Apple Support

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Apple Inc./Ipados2 versions
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <17.7.3
    • (no CPE)
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <18.2
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: <15.2
    • (no CPE)range: <15.2
  • Apple Inc./Visionos
    cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
    Range: <2.2
  • Apple Inc./iOSllm-fuzzy
    Range: <18.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.