CVE-2024-54494

A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121837	Vendor Advisory
https://support.apple.com/en-us/121838	Vendor Advisory
https://support.apple.com/en-us/121839	Vendor Advisory
https://support.apple.com/en-us/121840	Vendor Advisory
https://support.apple.com/en-us/121842	Vendor Advisory
https://support.apple.com/en-us/121843	Vendor Advisory
https://support.apple.com/en-us/121844	Vendor Advisory
https://support.apple.com/en-us/121845	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

13 Dec 2024, 18:31

Type	Values Removed	Values Added
Summary		(es) Se solucionó una condición de ejecución con una validación adicional. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Un atacante podría crear una asignación de memoria de solo lectura en la que se pueda escribir.
First Time		Apple macos Apple ipados Apple iphone Os Apple Apple visionos Apple watchos Apple tvos
References	~~() https://support.apple.com/en-us/121837 -~~	() https://support.apple.com/en-us/121837 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121838 -~~	() https://support.apple.com/en-us/121838 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121839 -~~	() https://support.apple.com/en-us/121839 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121840 -~~	() https://support.apple.com/en-us/121840 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121842 -~~	() https://support.apple.com/en-us/121842 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121843 -~~	() https://support.apple.com/en-us/121843 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121844 -~~	() https://support.apple.com/en-us/121844 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121845 -~~	() https://support.apple.com/en-us/121845 - Vendor Advisory
CPE		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:visionos::::::::
CWE		CWE-362
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

12 Dec 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-12 02:15

Updated : 2024-12-16 19:15

NVD link : CVE-2024-54494

Mitre link : CVE-2024-54494

CVE.ORG link : CVE-2024-54494

JSON object : View

Products Affected

apple

visionos
iphone_os
watchos
macos
ipados
tvos

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

5.9 /10