CVE-2024-54551
Published: 21 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2024-54551 is a memory handling vulnerability (CWE-119) affecting Apple's Safari browser and related components across multiple platforms. The flaw, which received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), enables denial-of-service when processing web content. It impacts versions of Safari prior to 17.6, iOS prior to 17.6, iPadOS prior to 17.6, macOS Sonoma prior to 14.6, tvOS prior to 17.6, visionOS prior to 1.3, and watchOS prior to 10.6.
A remote attacker needs no privileges and no user interaction, and the attack is carried out over the network with low complexity. By delivering malicious web content, such as a crafted webpage, an attacker can trigger the memory handling issue and cause a denial-of-service condition, typically an application crash. Per the CVSS vector, the impact is limited to availability.
Apple security advisories confirm the issue was addressed through improved memory handling in the specified fixed releases: Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, and watchOS 10.6. Security practitioners should prioritize updating affected devices to these versions or later to mitigate the risk, as detailed in Apple's support documents at https://support.apple.com/en-us/120909, https://support.apple.com/en-us/120911, https://support.apple.com/en-us/120913, https://support.apple.com/en-us/120914, and https://support.apple.com/en-us/120915.
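A fleet-inventory check against the fixed releases listed above, added here as an example and not taken from Apple or from this page. The inventory rows, host names, build string and status labels are constructed for illustration.

```python
import re

# First fixed release per product, taken from the summary above.
FIXED = {
    "safari": (17, 6), "ios": (17, 6), "ipados": (17, 6),
    "macos": (14, 6),  # the page lists macOS Sonoma (14.x) only
    "tvos": (17, 6), "visionos": (1, 3), "watchos": (10, 6),
}
SONOMA_MAJOR = 14


def parse_version(text):
    """Parse '17.5.1' or '17.6 (build)' into a tuple of ints; None if unparseable."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def status(product, version):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for one install."""
    key = product.strip().lower()
    fixed, ver = FIXED.get(key), parse_version(version)
    if fixed is None or ver is None:
        return "unknown"      # product not in the advisory, or bad version string
    if key == "macos" and ver[0] < SONOMA_MAJOR:
        return "not-listed"   # pre-Sonoma macOS: the page makes no statement
    # Pad to equal length so that 17.6 and 17.6.0 compare as equal.
    width = max(len(ver), len(fixed))
    ver += (0,) * (width - len(ver))
    fixed += (0,) * (width - len(fixed))
    return "affected" if ver < fixed else "fixed"


def triage(inventory):
    """Return host names that still run a release prior to the fixed one."""
    return [host for host, product, version in inventory
            if status(product, version) == "affected"]


# Constructed sample inventory: (host, product, reported version).
SAMPLE_INVENTORY = [
    ("mbp-014", "macOS", "14.5"),
    ("mbp-022", "macOS", "13.6.7"),
    ("iphone-007", "iOS", "17.5.1"),
    ("ipad-003", "iPadOS", "17.6"),
    ("atv-lobby", "tvOS", "17.6 (BUILD-PLACEHOLDER)"),
    ("vp-lab", "visionOS", "1.2"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("needs update:", host)
```

Hosts reported as `not-listed` or `unknown` need a manual check, since the page only states the affected and fixed releases shown in the table.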
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The memory handling vulnerability (CWE-119) in Safari enables remote attackers to deliver malicious web content causing application crashes and denial-of-service (A:H impact, no C/I), directly facilitating T1499.004 via client-side exploitation of software vulnerabilities to degrade availability.