CVE-2024-54534

Exploited in the Wild

NIST CVSS Scores

CVSS v3.1 Base Score: 9.8 (Critical)

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA CVSS Scores

CVSS v3.1 Base Score: 8.8 (High)

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Operating Systems Impacted

macOS Sequoia (prior to 15.2)
iOS (prior to 18.2)
iPadOS (prior to 18.2)
watchOS (prior to 11.2)
tvOS (prior to 18.2)
visionOS (prior to 2.2)

Applications Impacted

Safari (prior to 18.2)

Additional Resources

Description

CVE-2024-54534 is an out-of-bounds write vulnerability in WebKit, Apple's browser engine. Processing maliciously crafted web content may lead to memory corruption. Apple addressed this vulnerability by implementing improved memory handling in macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, Safari 18.2, watchOS 11.2, tvOS 18.2, and visionOS 2.2.

Impact

Exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected devices, leading to potential data breaches, unauthorized access, or further compromise of the system. The severity of this issue has been assessed as follows:

Stay up to date

Iru's weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.

Description

Impact

CVE-2021-30808

CVE-2023-23533

CVE-2025-24162

Stay up to date