CVE-2024-54505 : A type confusion issue was addressed with improved memory handling. This issue i

A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.

Published 2024-12-12 02:15:31

Updated 2024-12-13 18:43:13

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2024-54505

Apple » Safari
Versions before (<) 18.2
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions before (<) 18.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos
Versions before (<) 11.2
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions before (<) 18.2
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions before (<) 15.2
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Apple » Ipados
Versions before (<) 17.7.3
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Matching versions
Apple » Ipados
Versions from including (>=) 18.0 and before (<) 18.2
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Matching versions
Apple » Visionos
Versions before (<) 2.2
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-54505

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-54505

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-12-12
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-12-13
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-54505

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2024-54505

https://support.apple.com/en-us/121844

About the security content of tvOS 18.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/en-us/121843

About the security content of watchOS 11.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/en-us/121846

About the security content of Safari 18.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/en-us/121839

About the security content of macOS Sequoia 15.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/en-us/121837

About the security content of iOS 18.2 and iPadOS 18.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/en-us/121845

About the security content of visionOS 2.2 - Apple Support
Vendor Advisory

CVEs referencing this url
https://support.apple.com/en-us/121838

About the security content of iPadOS 17.7.3 - Apple Support
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-54505

Products affected by CVE-2024-54505

Exploit prediction scoring system (EPSS) score for CVE-2024-54505

CVSS scores for CVE-2024-54505

CWE ids for CVE-2024-54505

References for CVE-2024-54505