
CVE-2024-54542: Apple Safari Auth Bypass Vulnerability

CVE-2024-54542 is an authentication bypass flaw in Apple Safari that allows unauthorized access to Private Browsing tabs. This article covers the technical details, affected versions, security impact, and mitigation.


CVE-2024-54542 Overview

CVE-2024-54542 is an authentication bypass vulnerability affecting Apple Safari and multiple Apple operating systems. The flaw allows Private Browsing tabs to be accessed without authentication, exposing sensitive browsing sessions that users expect to remain protected. Apple addressed the issue with improved state management in Safari 18.2, iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, and watchOS 11.2. The vulnerability is categorized under [CWE-862] Missing Authorization and affects the Safari browser across Apple's ecosystem.

Critical Impact

Attackers with local access to an unlocked device can view Private Browsing tabs without providing the configured authentication, exposing sensitive user activity.

Affected Products

  • Apple Safari (before 18.2)
  • Apple iOS and iPadOS (before 18.2)
  • Apple macOS Sequoia (before 15.2)
  • Apple watchOS (before 11.2)

Discovery Timeline

  • 2025-01-27 - CVE-2024-54542 published to NVD
  • 2026-04-02 - Last updated in NVD database

Technical Details for CVE-2024-54542

Vulnerability Analysis

The vulnerability stems from improper state management in Safari's Private Browsing authentication flow. Safari supports an authentication requirement before Private Browsing tabs become visible, using Face ID, Touch ID, or device passcode. State management logic failed to enforce this authentication check under specific conditions, exposing tab contents to anyone with access to the Safari interface.

The issue is classified as Missing Authorization [CWE-862]. The application performs the sensitive action of revealing Private Browsing content without first validating that the user satisfied the authentication challenge. Because Private Browsing tabs frequently contain personal accounts, financial sessions, and confidential research, the disclosure impact is significant.

Root Cause

The root cause is incorrect state transitions between locked and unlocked Private Browsing modes. Safari did not consistently treat the authentication state as authoritative when deciding whether to render private tab content. Apple's advisory describes the fix only as improved state management, which suggests that the internal flags governing the locked state could be bypassed or were incorrectly initialized; the advisory gives no further detail.

Attack Vector

An attacker requires interactive access to the Safari interface on a target device. By manipulating navigation, tab switching, or interface state transitions, the attacker can reach Private Browsing tabs without satisfying the configured authentication. No malicious payload, network position, or elevated privileges are required to trigger the disclosure once the attacker reaches Safari.

The vulnerability mechanism is described in the Apple Support Advisory #121837 and corresponding platform advisories. No verified public proof-of-concept code is available for this issue.

Detection Methods for CVE-2024-54542

Indicators of Compromise

  • Unexpected access to Private Browsing tab history on shared or recovered devices
  • User reports of Private Browsing content appearing without the authentication prompt
  • Safari version strings reporting builds older than 18.2 across managed Apple fleets

Detection Strategies

  • Inventory Apple endpoints through MDM and flag devices running Safari, iOS, iPadOS, macOS, or watchOS versions below the patched releases
  • Correlate device compliance posture with browser version telemetry to identify unpatched Safari installations
  • Use mobile device management compliance policies to alert when affected OS versions remain in production

Monitoring Recommendations

  • Monitor MDM reports for OS and Safari versions on a recurring schedule until full fleet remediation is confirmed
  • Track patch rollout metrics for iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2, and Safari 18.2
  • Audit shared, kiosk, and loaner Apple devices, since the vulnerability requires physical interaction with Safari

How to Mitigate CVE-2024-54542

Immediate Actions Required

  • Update Safari to version 18.2 on macOS systems that have not yet upgraded to Sequoia 15.2
  • Upgrade iPhone devices to iOS 18.2 and iPad devices to iPadOS 18.2
  • Upgrade macOS systems to Sequoia 15.2 to receive the bundled Safari fix
  • Update Apple Watch devices to watchOS 11.2

Patch Information

Apple released fixes through the platform advisories Apple Support Advisory #121837, Apple Support Advisory #121839, Apple Support Advisory #121843, and Apple Support Advisory #121846. Each advisory documents the affected platform and the specific build that ships the improved state management fix for Private Browsing.

Workarounds

  • Disable Private Browsing through Screen Time content restrictions on iOS and iPadOS until patches are deployed
  • Require device-level authentication (passcode, Face ID, Touch ID) and reduce auto-lock timeouts to limit physical access
  • Avoid leaving Apple devices unlocked in shared environments where Private Browsing tabs may contain sensitive sessions
  • Enforce patch compliance through MDM policies that block access to corporate resources from unpatched devices
```bash
# Verify Safari version on macOS
defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString

# Verify macOS version
sw_vers -productVersion
```
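The two commands above only print version strings; the fleet checks in the Detection section need those strings compared against the fixed releases. The following shell script is an added example (not Apple's code and not part of the original page; the function names are this example's own) that classifies a component version against the fix releases listed in this article, handling multi-component versions such as 18.1.1 correctly and treating non-Sequoia macOS lines as "check Safari instead".

```shell
# Added example (not Apple's or the page's code; function names are this
# example's own): classify a Safari / Apple OS version against the releases
# that fix CVE-2024-54542.

# version_ge A B: succeed when A >= B, comparing up to three numeric
# dot-separated components ("18.1.1" < "18.2", "18.10" > "18.2").
version_ge() {
    awk -v have="$1" -v need="$2" 'BEGIN {
        nh = split(have, h, "."); nn = split(need, n, ".")
        for (i = 1; i <= 3; i++) {
            hv = (i <= nh) ? h[i] + 0 : 0; nv = (i <= nn) ? n[i] + 0 : 0
            if (hv > nv) exit 0
            if (hv < nv) exit 1
        }
        exit 0
    }'
}

# First release containing the fix, per the Apple advisories cited above.
fixed_version() {
    case "$1" in
        safari|ios|ipados) echo 18.2 ;;
        macos)             echo 15.2 ;;
        watchos)           echo 11.2 ;;
        *)                 return 1 ;;
    esac
}

# cve_2024_54542_status COMPONENT VERSION -> patched | AFFECTED | n/a
cve_2024_54542_status() {
    if [ "$1" = macos ] && [ "${2%%.*}" != 15 ]; then
        # 15.2 is the Sequoia fix; on other macOS lines Safari updates
        # separately, so the Safari version is the authoritative check.
        echo n/a; return 0
    fi
    need=$(fixed_version "$1") || { echo "unknown component: $1" >&2; return 2; }
    if version_ge "$2" "$need"; then echo patched; else echo AFFECTED; fi
}

# Live check using the page's own commands; only meaningful on macOS.
local_check() {
    [ "$(uname -s)" = Darwin ] || { echo "not macOS, skipping live check"; return 0; }
    safari=$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString)
    os=$(sw_vers -productVersion)
    echo "Safari $safari: $(cve_2024_54542_status safari "$safari")"
    echo "macOS $os: $(cve_2024_54542_status macos "$os")"
}

local_check
```

For MDM-exported inventories, feed each device's component and version string to `cve_2024_54542_status` and alert on any `AFFECTED` result.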

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.