CVE-2024-54534

Exploited in the Wild

NIST CVSS Scores

CVSS v3.1 Base Score: 9.8 (Critical)

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA CVSS Scores

CVSS v3.1 Base Score: 8.8 (High)

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Operating Systems Impacted

macOS Sequoia (prior to 15.2)
iOS (prior to 18.2)
iPadOS (prior to 18.2)
watchOS (prior to 11.2)
tvOS (prior to 18.2)
visionOS (prior to 2.2)

Applications Impacted

Safari (prior to 18.2)

Additional Resources

Description

CVE-2024-54534 is an out-of-bounds write vulnerability in WebKit, Apple's browser engine. Processing maliciously crafted web content may lead to memory corruption. Apple addressed this vulnerability by implementing improved memory handling in macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, Safari 18.2, watchOS 11.2, tvOS 18.2, and visionOS 2.2.

Impact

Exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected devices, leading to potential data breaches, unauthorized access, or further compromise of the system. The severity of this issue has been assessed as follows: