Memory Corruption Flaw in Apple Devices
CVE-2024-54523

6.3MEDIUM

Key Information:

Vendor: Apple
Status: TV OS; Mac OS; Watch OS; iOS And iPad OS
Vendor: CVE Published:; 27 January 2025

Summary

This vulnerability arises from improper bounds checks, which allows applications to potentially corrupt the memory allocated to the coprocessor. If exploited, this could lead to unpredictable behavior in affected systems. Apple has addressed this issue with updates in their latest operating systems, including macOS Sequoia 15.2, iOS 18.2, watchOS 11.2, tvOS 18.2, and iPadOS 18.2, urging users to update promptly to mitigate risks.

Affected Version(s)

iOS and iPadOS < 18.2

macOS < 15.2

tvOS < 18.2

References

https://support.apple.com/en-us/121844

https://support.apple.com/en-us/121839

https://support.apple.com/en-us/121843

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Dec 3, 2024