Cyber Posture

CVE-2024-54507

Medium

Published: 27 January 2025

Modified: 02 April 2026
KEV Added:
Patch:
CVSS Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0013 (31.5th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.

Security Summary

CVE-2024-54507 is a type confusion vulnerability addressed through improved memory handling in Apple operating systems. It affects iOS versions prior to 18.2, iPadOS versions prior to 18.2, and macOS Sequoia versions prior to 15.2. Associated with CWE-843 (Type Confusion) and CWE-125 (Out-of-bounds Read), the issue carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

A local attacker with user privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables reading of kernel memory, providing high confidentiality impact while leaving integrity and availability unaffected.

Apple's security content advisories confirm the issue was fixed in iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2. Additional details are available at https://support.apple.com/en-us/121837 and https://support.apple.com/en-us/121839.

Details

CWE(s)
CWE-843, CWE-125

Affected Products

apple ipados: ≤ 18.2
apple iphone os: ≤ 18.2
apple macos: ≤ 15.2

References