CVE-2024-54499
Published: 27 January 2025
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.
Security Summary
CVE-2024-54499 is a use-after-free vulnerability (CWE-416) addressed through improved memory management in Apple's operating systems. It affects iOS prior to version 18.2, iPadOS prior to 18.2, macOS Sequoia prior to 15.2, tvOS prior to 18.2, visionOS prior to 2.2, and watchOS prior to 11.2. The issue arises during processing of images, potentially allowing arbitrary code execution.
With a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), the vulnerability can be exploited remotely by an unauthenticated attacker with low complexity. Exploitation requires user interaction, such as opening or viewing a maliciously crafted image, which could lead to full compromise of confidentiality, integrity, and availability through arbitrary code execution in the context of the image processing component.
Apple's security advisories confirm the issue was fixed in the listed software updates, recommending immediate patching to iOS 18.2 and equivalents across affected platforms. Detailed information is available in advisories at https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, https://support.apple.com/en-us/121844, and https://support.apple.com/en-us/121845.
Details
- CWE(s)