CVE-2024-54522

CVE-2024-54522 is a memory corruption vulnerability stemming from insufficient bounds checks, classified as CWE-787 (Out-of-bounds Write). It affects Apple's iOS prior to version 18.2, iPadOS prior to 18.2, macOS Sequoia prior to 15.2, tvOS prior to 18.2, and watchOS prior to 11.2. The flaw allows an app to corrupt coprocessor memory, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-01-27.

A local attacker with low privileges, such as one running a malicious app on the device, can exploit this issue with low complexity and no user interaction required. Successful exploitation enables corruption of coprocessor memory, resulting in high impacts to confidentiality, integrity, and availability.

Apple's security advisories confirm the issue was fixed with improved bounds checks in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, and watchOS 11.2. Mitigation involves updating affected devices to these versions or later, as detailed in the following support pages: https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, and https://support.apple.com/en-us/121844.