CVE-2024-54509
Published: 27 January 2025
Description
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
Security Summary
CVE-2024-54509 is an out-of-bounds write vulnerability (CWE-787) in macOS, stemming from insufficient input validation. It affects macOS Sequoia prior to version 15.2 and macOS Sonoma prior to versions 14.7.2 and 14.7.3. The issue was publicly disclosed on January 27, 2025, and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows an malicious app to cause unexpected system termination or arbitrarily write to kernel memory, potentially enabling kernel code execution, privilege escalation, or persistent system compromise.
Apple's security advisories detail the fix through improved input validation, available in macOS Sequoia 15.2, macOS Sonoma 14.7.2, and macOS Sonoma 14.7.3. Security practitioners should prioritize updating affected systems, as referenced in Apple's support pages (e.g., HT121839, HT121840, HT122069) and related disclosures.
Details
- CWE(s)