CVE-2024-54556

// CVE-2024-54556 PoC - iOS/iPadOS Lock Screen Content Bypass // Note: This is a conceptual PoC based on the vulnerability description // Actual exploitation requires physical access to the device /* Vulnerability Summary: - Type: Lock Screen Bypass / State Management Issue - Attack Vector: Physical (AV:P) - Privilege Required: None (PR:N) - User Interaction: None (UI:N) Conceptual Attack Steps: 1. Attacker gains physical access to iOS/iPadOS device 2. Device is in locked state 3. Attacker performs specific UI sequence (details not publicly disclosed) 4. Restricted content becomes visible on lock screen Note: Apple has patched this in iOS 18.1 and iPadOS 18.1 The exact exploitation steps are not publicly available to prevent active exploitation. */ // Example conceptual interaction (pseudo-code) function lockScreenBypassPoC() { // This is a placeholder representation // Actual PoC requires specific undocumented interaction sequence const deviceState = { isLocked: true, restrictedContent: 'SENSITIVE_DATA', bypassTriggered: false }; // Specific interaction sequence to trigger vulnerability // (Exact steps not publicly disclosed by Apple) const interactionSequence = [ 'swipe_left', // Open camera/notification 'specific_gesture', // Unknown gesture 'tap_location' // Unknown tap location ]; // After triggering, restricted content becomes visible if (checkVulnerability(deviceState)) { deviceState.bypassTriggered = true; return deviceState.restrictedContent; } return null; } // Mitigation: Update to iOS 18.1+ or iPadOS 18.1+ function checkMitigation() { const currentVersion = getiOSVersion(); return compareVersions(currentVersion, '18.1') >= 0; }

{"cve": {"id": "CVE-2024-54556", "sourceIdentifier": "[email protected]", "published": "2026-01-16T18:16:06.203", "lastModified": "2026-01-27T20:24:54.107", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen."}, {"lang": "es", "value": "Este problema se abordó mediante una mejor gestión de estado. Este problema se corrigió en iOS 18.1 y iPadOS 18.1. Un usuario podría ver contenido restringido desde la pantalla de bloqueo."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.4, "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.1", "matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.1", "matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E"}]}]}], "references": [{"url": "https://support.apple.com/en-us/121563", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}