CVE-2024-54535
Description
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path handling vulnerability in Apple operating systems allows an attacker with calendar data access to read reminders, fixed in iOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1.
Vulnerability
Details CVE-2024-54535 is a path handling issue in Apple operating systems. The root cause is improper logic when managing file paths, leading to a breach in data separation between the Calendar and Reminders apps.
Exploitation
An attacker who already has access to calendar data (e.g., through a malicious app or physical access) can exploit this flaw to read reminders without proper authorization. No additional privileges are needed beyond calendar data access.
Impact
Successful exploitation allows an unauthorized party to read reminder data, potentially exposing sensitive information such as personal tasks and deadlines.
Mitigation
Apple has addressed the issue in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, and watchOS 11.1 [1][2][3][4]. Users are advised to update their devices to the latest available versions.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- support.apple.com/en-us/121563nvdVendor Advisory
- support.apple.com/en-us/121565nvdVendor Advisory
- support.apple.com/en-us/121566nvdVendor Advisory
- support.apple.com/en-us/121564nvd
News mentions
0No linked articles in our index yet.