CVE-2024-54465: Use After Free

Q: What is the severity of CVE-2024-54465?

CVE-2024-54465 has been assigned a medium severity rating due to its potential impact on privilege escalation.

Q: How do I fix CVE-2024-54465?

To fix CVE-2024-54465, update your macOS to version 15.2 or later.

Q: What type of issue is CVE-2024-54465?

CVE-2024-54465 is a logic issue that was addressed with improved state management and file handling.

Q: Which software is affected by CVE-2024-54465?

CVE-2024-54465 affects macOS Sequoia versions prior to 15.2.

Q: Can an app exploit CVE-2024-54465?

Yes, an app may be able to exploit CVE-2024-54465 to elevate privileges.

Published Dec 11, 2024

Updated

A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges.

Other sources

Accounts. A logic issue was addressed with improved file handling.

— Apple

APFS. This issue was addressed through improved state management.

— Apple

Apple Account. The issue was addressed with improved handling of protocols.

— Apple

Apple Software Restore. The issue was addressed with improved checks.

— Apple

AppleGraphicsControl. The issue was addressed with improved memory handling.

— Apple

Credit

Mickey Jin@@patch1t(Kandji), Csaba Fitzl@@theevilbit(Kandji), D4m0n, Mickey Jin@@patch1t, Arsenii Kostromin (0x3c3e), CertiK SkyFall Team, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Dillon Franke(Google Project Zero), Smi1e@@Smi1eSEC, an anonymous researcher, Michael Cohen, D’Angelo Gonzalez(CrowdStrike), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Kirin@@Pwnrin, 7feilee, Gary Kwong, Anonymous(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), Ye Zhang@@VAR10CK(Baidu Security), Joseph Ravichandran@@0xjprx(MIT CSAIL), sohybbyk, Hyerean Jang, Taehun Kim, Youngjoo Shin, CVE-2024-45490, 风沐云烟@@binary_fmyy, Meng Zhang (鲸落)(NorthSea), Andrew James Gonzalez, Dragon Fruit Security (Davis Dai, ORAC 落云, Frank Du cooperative discovery), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), 神罚@@Pwnrin, Bohdan Stasiuk@@Bohdan_Stasiuk, Abhay Kailasia@@abhay_kailasia(C), Rakeshkumar Talaviya, Tomomasa Hiraiwa, Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), CVE-2016-1246, CVE-2023-31484, CVE-2023-31486, CVE-2023-47100, Jacob Braun, Rei@@reizydev, Kenneth Chew, Zhongquan Li@@Guluisacat, Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative), Yokesh Muthu K, Csaba Fitzl@@theevilbit(OffSec), Mickey Jin@@patch1t(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Amy@@asentientbot, Rodolphe BRUNETTI@@eisw0lf, CVE-2024-45306, Seunghyun Lee, Brendon Tiszka(Google Project Zero), linjy(HKUS3Lab), chluo(WHUSecLab), Xiangwei Zhang(Tencent Security YUNDING LAB), Tashita Software Security, Lukas Bernhard, Halle Winkler, Politepix theoffcuts.org, Trent Lloyd@@lathiat, Wojciech Regula(SecuRing), Benjamin Hornbeck(ZUSO ART), Skadz@@skadz108(ZUSO ART), Chi Yuan Chang(ZUSO ART), taikosoup

Affected Software

2 affected componentsFixes available

Apple macOS<15.2

apple macOS Sequoia<15.2

15.2

Event History

Dec 11, 2024

Data Sourced

via Apple·12:00 AM

DescriptionWeaknessAffected Software

Updated

via Apple·12:00 AM

DescriptionWeakness

Updated

via Apple·12:00 AM

Description

CVE Published

via MITRE·10:56 PM

Data Sourced

via MITRE·10:56 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

APPLE-121839

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2024-54488
CVE-2024-54541
CVE-2024-40864
CVE-2024-54477
CVE-2024-44220
CVE-2024-54526
CVE-2024-54527
CVE-2024-54490
CVE-2024-54509
CVE-2024-54568
CVE-2024-54529
CVE-2024-54550
CVE-2024-44271
CVE-2024-54513
CVE-2024-44300
CVE-2024-54466
CVE-2024-54489
CVE-2024-54547
CVE-2024-54519
CVE-2024-54486
CVE-2024-44291
CVE-2024-54478
CVE-2024-54499
CVE-2024-54500
CVE-2024-54517
CVE-2024-54518
CVE-2024-54522
CVE-2024-54523
CVE-2024-54506
CVE-2024-54468
CVE-2024-54507
CVE-2024-54494
CVE-2024-54510
CVE-2024-44245
CVE-2024-54531
CVE-2024-54465
CVE-2024-45490
CVE-2024-54514
CVE-2024-44225
CVE-2024-54491
CVE-2024-54484
CVE-2024-54525
CVE-2024-54536
CVE-2024-54504
CVE-2024-54474
CVE-2024-54476
CVE-2024-54530
CVE-2024-54492
CVE-2016-1246
CVE-2023-31484
CVE-2023-31486
CVE-2023-47100
CVE-2023-32395
CVE-2024-54497
CVE-2024-54537
CVE-2024-44246
CVE-2024-54542
CVE-2024-54559
CVE-2024-54501
CVE-2024-54557
CVE-2024-54516
CVE-2024-54515
CVE-2024-54528
CVE-2024-54524
CVE-2024-54498
CVE-2024-54493
CVE-2024-54533
CVE-2024-44243
CVE-2024-44224
CVE-2024-54495
CVE-2024-54549
CVE-2024-54475
CVE-2024-54520
CVE-2024-45306
CVE-2024-54485
CVE-2024-54479
CVE-2024-54502
CVE-2024-54508
CVE-2024-54505
CVE-2024-54534
CVE-2024-54543
CVE-2024-54539
CVE-2024-54565

Frequently Asked Questions

What is the severity of CVE-2024-54465?

CVE-2024-54465 has been assigned a medium severity rating due to its potential impact on privilege escalation.

How do I fix CVE-2024-54465?

To fix CVE-2024-54465, update your macOS to version 15.2 or later.

What type of issue is CVE-2024-54465?

CVE-2024-54465 is a logic issue that was addressed with improved state management and file handling.

Which software is affected by CVE-2024-54465?

CVE-2024-54465 affects macOS Sequoia versions prior to 15.2.

Can an app exploit CVE-2024-54465?

Yes, an app may be able to exploit CVE-2024-54465 to elevate privileges.

CVE-2024-54465: Use After Free

Other sources

Credit

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-54465?

How do I fix CVE-2024-54465?

What type of issue is CVE-2024-54465?

Which software is affected by CVE-2024-54465?

Can an app exploit CVE-2024-54465?

Company

Resources

Contact