CVE-2024-54523
Published: 27 January 2025
Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.
Security Summary
CVE-2024-54523 is a vulnerability addressed through improved bounds checks, classified under CWE-787 (Out-of-bounds Write). It affects Apple operating systems prior to the following versions: iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, and watchOS 11.2. The flaw allows an app to corrupt coprocessor memory, with a CVSS v3.1 base score of 6.3 (AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
A local attacker with no privileges required can exploit this vulnerability by tricking a user into interacting with a malicious app, such as through social engineering to install or execute it. Successful exploitation enables high integrity impact by corrupting coprocessor memory, potentially leading to arbitrary code execution or other system disruptions within the changed scope, though it does not directly affect confidentiality or availability.
Apple security advisories, detailed in support documents such as https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, and https://support.apple.com/en-us/121844, confirm the issue was fixed via improved bounds checks in the listed software updates. Mitigation requires applying these patches promptly to vulnerable systems.
Details
- CWE(s)