CVE-2024-54505

A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121837	Vendor Advisory
https://support.apple.com/en-us/121838	Vendor Advisory
https://support.apple.com/en-us/121839	Vendor Advisory
https://support.apple.com/en-us/121843	Vendor Advisory
https://support.apple.com/en-us/121844	Vendor Advisory
https://support.apple.com/en-us/121845	Vendor Advisory
https://support.apple.com/en-us/121846	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

13 Dec 2024, 18:43

Type	Values Removed	Values Added
First Time		Apple visionos Apple tvos Apple macos Apple ipados Apple iphone Os Apple safari Apple Apple watchos
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:visionos::::::::
References	~~() https://support.apple.com/en-us/121837 -~~	() https://support.apple.com/en-us/121837 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121838 -~~	() https://support.apple.com/en-us/121838 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121839 -~~	() https://support.apple.com/en-us/121839 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121843 -~~	() https://support.apple.com/en-us/121843 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121844 -~~	() https://support.apple.com/en-us/121844 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121845 -~~	() https://support.apple.com/en-us/121845 - Vendor Advisory
References	~~() https://support.apple.com/en-us/121846 -~~	() https://support.apple.com/en-us/121846 - Vendor Advisory

12 Dec 2024, 19:15

Type	Values Removed	Values Added
Summary		(es) Se solucionó un problema de confusión de tipos mejorando el manejo de la memoria. Este problema se solucionó en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web manipulado con fines malintencionados puede provocar daños en la memoria.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CWE		CWE-843

12 Dec 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-12 02:15

Updated : 2024-12-13 18:43

NVD link : CVE-2024-54505

Mitre link : CVE-2024-54505

CVE.ORG link : CVE-2024-54505

JSON object : View

Products Affected

apple

safari
visionos
iphone_os
watchos
macos
ipados
tvos

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

8.8 /10