VYPR
Medium severity 5.5 · NVD Advisory · Published Dec 12, 2024 · Updated Apr 2, 2026

CVE-2024-54526


Description

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. A malicious app may be able to access private information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logic issue in Apple's Hidden Photos Album allows a malicious app to view private photos without authentication, patched in recent OS updates.

Vulnerability

Overview

CVE-2024-54526 is a logic issue in the Hidden Photos Album feature across Apple platforms. The flaw allows a malicious app to access private photos without proper authentication, as the album's file handling was insufficiently checked. [1][2][3][4]

Exploitation

An attacker must have a malicious app installed on the device. No additional authentication is required to bypass the Hidden Photos Album's protections, making it accessible to any app that exploits the logic flaw. [1]

Impact

Successful exploitation enables an app to view photos that the user intended to keep hidden, leading to unauthorized disclosure of private information. [1]

Mitigation

Apple has addressed the issue with improved file handling in iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, and watchOS 11.2. Users should update their devices to the latest available versions. [1][2][3][4]

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Apple Inc./Ipados (2 versions)
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* (range: <18.2)
    • (no CPE) (range: = 18.2)
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <18.2
  • Apple Inc./macOS (2 versions)
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* (range: <=13.7.2)
    • (no CPE) (range: = Sequoia 15.2, Sonoma 14.7.2, Ventura 13.7.2)
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <18.2
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    Range: <11.2
  • Apple Inc./iOS (llm-fuzzy)
    Range: = 18.2
