Denial-of-Service Vulnerability in Apple Products Due to Input Validation Issues
CVE-2024-54538

7.5HIGH

Key Information:

Vendor: Apple
Status: Mac OS; iPhone OS; iPad OS; Watch OS
Vendor: CVE Published:; 20 December 2024

Summary

CVE-2024-54538 is a critical denial-of-service vulnerability affecting multiple Apple operating systems. The flaw stems from inadequate input validation, allowing a remote attacker to exploit this vulnerability and potentially disrupt services. Recent updates have addressed this issue, with fixes implemented in visionOS 2.1, iOS 18.1, iPadOS 18.1, iOS 17.7.1, iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, and macOS Ventura 13.7.1. Users are strongly advised to update their devices to mitigate any security risks.

References

https://support.apple.com/en-us/121563

https://support.apple.com/en-us/121565

https://support.apple.com/en-us/121566

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2024