CVE-2025-54470:
Análisis y mitigación de vulnerabilidades
Vista general
A logic issue was discovered in Apple iOS and iPadOS affecting versions prior to iOS 18.1, iPadOS 18.1, iOS 17.7.1, and iPadOS 17.7.1. The vulnerability was identified and reported by Bistrit Dahal and Kenneth Chew, with disclosure on January 15, 2025 (Apple Support, Apple Support).
Técnicas
The vulnerability (CVE-2024-54470) is related to a logic issue in the Siri component that was addressed with improved checks. The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (Medium) with the vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating physical access is required but no privileges or user interaction are needed to exploit it (NVD).
Impacto
An attacker with physical access to a locked device may be able to access contacts from the lock screen, potentially exposing sensitive user information (Apple Support, Apple Support).
Mitigación y soluciones alternativas
Apple has addressed this vulnerability by implementing improved checks in iOS 18.1 and iPadOS 18.1, as well as iOS 17.7.1 and iPadOS 17.7.1. Users are advised to update their devices to these or later versions to protect against this vulnerability (Apple Support, Apple Support).
Recursos adicionales
Fuente: Este informe se generó utilizando IA
Evaluación gratuita de vulnerabilidades
Compare su postura de seguridad en la nube
Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.
Recursos adicionales de Wiz
Obtén una demostración personalizada
¿Listo para ver a Wiz en acción?
"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."