CVE-2024-54517

CVE-2024-54517 is a memory corruption vulnerability stemming from insufficient bounds checks, classified under CWE-787 (Out-of-bounds Write). It affects Apple's operating systems, specifically versions of iOS and iPadOS prior to 18.2, macOS Sequoia prior to 15.2, tvOS prior to 18.2, and watchOS prior to 11.2. The flaw enables an app to corrupt coprocessor memory, potentially leading to arbitrary code execution or system instability within the affected components.

The vulnerability carries a CVSS v3.1 base score of 7.8 (High), with a local attack vector (AV:L), low attack complexity (AC:L), and low privileges required (PR:L), requiring no user interaction (UI:N) and maintaining unchanged scope (S:U). A local attacker, such as one running a malicious app with standard user-level permissions, can exploit it to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), including potential data leakage, modification, or denial of service through coprocessor memory corruption.

Apple's security advisories detail that the issue was resolved through improved bounds checks, with patches available in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, and watchOS 11.2. Security practitioners should prioritize updating affected devices to these versions, as outlined in the vendor's release notes at https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, and https://support.apple.com/en-us/121844.