CVE-2024-54497: Use After Free
Published Dec 11, 2024
·Updated
Accounts. A logic issue was addressed with improved file handling.
Other sources
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
APFS. This issue was addressed through improved state management.
— Apple
Apple Account. The issue was addressed with improved handling of protocols.
— Apple
Apple Software Restore. The issue was addressed with improved checks.
— Apple
AppleGraphicsControl. The issue was addressed with improved checks.
— Apple
Credit
Arsenii Kostromin (0x3c3e), an anonymous researcher, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Gary Kwong, Anonymous(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), sohybbyk, CVE-2024-45490, Andrew James Gonzalez, Dragon Fruit Security (Davis Dai, ORAC 落云, Frank Du cooperative discovery), Abhay Kailasia@@abhay_kailasia(C), Rakeshkumar Talaviya, Tomomasa Hiraiwa, Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative), CVE-2024-45306, Seunghyun Lee, Brendon Tiszka(Google Project Zero), linjy(HKUS3Lab), chluo(WHUSecLab), Xiangwei Zhang(Tencent Security YUNDING LAB), Tashita Software Security, Lukas Bernhard, Rei@@reizydev, Kenneth Chew, Mickey Jin@@patch1t, Bistrit Dahal, Ye Zhang@@VAR10CK(Baidu Security), Joseph Ravichandran@@0xjprx(MIT CSAIL), 风沐云烟@@binary_fmyy, Wojciech Regula(SecuRing), Jacob Braun, Micheal Chukwu, Smi1e@@Smi1eSEC, Benjamin Hornbeck(ZUSO ART), Skadz@@skadz108(ZUSO ART), Chi Yuan Chang(ZUSO ART), taikosoup, Ivan Fratric(Google Project Zero), Hichem Maloufi, Hakim Boukhadra, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), DongJun Kim@@smlijun, JongSeong Kim in Enki WhiteHat@@nevul37, D4m0n, pattern-f@@pattern_F_, Michael (Biscuit) Thomas @social.lol)@@biscuit, Song Hyun Bae@@bshyuunn, Lee Dong Ha (Who4mI), Kirin@@Pwnrin, Uri Katz (Oligo Security), Minghao Lin@@Y1nKoc(Zhejiang University), babywu(Zhejiang University), (Zhejiang University), Xingwei Lin(Zhejiang University), Google Threat Analysis Group, Desmond(Trend Micro Zero Day Initiative), Pwn2car & Rotiple(HyeongSeok Jang)(Trend Micro Zero Day Initiative), Mickey Jin@@patch1t(Kandji), Csaba Fitzl@@theevilbit(Kandji), CertiK SkyFall Team, Dillon Franke(Google Project Zero), Michael Cohen, D’Angelo Gonzalez(CrowdStrike), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), 7feilee, Hyerean Jang, Taehun Kim, Youngjoo Shin, Meng Zhang (鲸落)(NorthSea), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), 神罚@@Pwnrin, Bohdan Stasiuk@@Bohdan_Stasiuk, CVE-2016-1246, CVE-2023-31484, CVE-2023-31486, CVE-2023-47100, Zhongquan Li@@Guluisacat, Yokesh Muthu K, Csaba Fitzl@@theevilbit(OffSec), Mickey Jin@@patch1t(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Amy@@asentientbot, Rodolphe BRUNETTI@@eisw0lf, Halle Winkler, Politepix theoffcuts.org, Trent Lloyd@@lathiat, Wang Yu(Cyberserval), Joshua Jones, 风(binary_fmyy), Minghao Lin@@Y1nKoc, Pedro Tôrres@@t0rr3sp3dr0, Yiğit Can YILMAZ@@yilmazcanyigit, Junsung Lee, Yann GASCUEL(Alter Solutions), Eric Dorphy(Twin Cities App Dev LLC), jioundai(360 Vulnerability Research Institute), chen fengjiao(HBC), PixiePoint Security, Minghao Lin@(Y1nKoc), Adam M.
Affected Software
26 affected componentsFixes available
Apple visionOS<2.2
2.2
Apple iPadOS<17.7.4
Apple macOS Ventura<13.7.3
Apple macOS Sonoma<14.7.3
Apple visionOS<2.2
Apple tvOS<18.2
Apple WatchOS<11.2
Apple iOS<18.2
Apple macOS Sequoia<15.2
Apple iPadOS<17.7.4
Apple iPadOS>=18.0<18.2
Apple iPhone OS<18.2
Apple macOS<13.7.3
Apple macOS>=14.0<=14.7.3
Apple macOS>=15.0<15.2
Apple tvOS<18.2
Apple visionOS<2.2
Apple WatchOS<11.2
Apple WatchOS<11.2
11.2
Apple tvOS<18.2
18.2
Apple iOS<18.2
18.2
Apple iPadOS<18.2
18.2
Apple iPadOS<17.7.4
17.7.4
Apple macOS Ventura<13.7.3
13.7.3
Apple macOS Sonoma<14.7.3
14.7.3
Apple macOS Sequoia<15.2
15.2
Event History
Dec 11, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Jan 27, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·09:46 PM
Data Sourced
via MITRE·09:46 PM
DescriptionWeakness
Data Sourced
via NVD·10:15 PM
DescriptionSeverityWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2024-54541
- CVE-2024-54513
- CVE-2024-54486
- CVE-2024-54478
- CVE-2024-54499
- CVE-2024-54500
- CVE-2024-44245
- CVE-2024-54494
- CVE-2024-45490
- CVE-2024-54525
- CVE-2024-54530
- CVE-2024-54492
- CVE-2024-54497
- CVE-2024-54501
- CVE-2024-45306
- CVE-2024-54479
- CVE-2024-54502
- CVE-2024-54508
- CVE-2024-54505
- CVE-2024-54534
- CVE-2024-54543
- CVE-2024-40864
- CVE-2024-54526
- CVE-2024-54527
- CVE-2024-54512
- CVE-2024-54517
- CVE-2024-54518
- CVE-2024-54522
- CVE-2024-54523
- CVE-2024-54468
- CVE-2024-54510
- CVE-2024-54514
- CVE-2024-44225
- CVE-2024-54542
- CVE-2024-54488
- CVE-2024-54503
- CVE-2024-54550
- CVE-2024-54507
- CVE-2024-44276
- CVE-2024-44246
- CVE-2024-54485
- CVE-2025-24137
- CVE-2025-24127
- CVE-2025-24161
- CVE-2025-24160
- CVE-2025-24163
- CVE-2025-24123
- CVE-2025-24124
- CVE-2025-24102
- CVE-2025-24086
- CVE-2025-24118
- CVE-2025-24159
- CVE-2025-24117
- CVE-2025-24166
- CVE-2025-24104
- CVE-2025-24149
- CVE-2025-24184
- CVE-2024-55549
- CVE-2025-24855
- CVE-2024-54477
- CVE-2024-44220
- CVE-2024-54490
- CVE-2024-54509
- CVE-2024-54568
- CVE-2024-54529
- CVE-2024-44271
- CVE-2024-44300
- CVE-2024-54466
- CVE-2024-54489
- CVE-2024-54547
- CVE-2024-54519
- CVE-2024-44291
- CVE-2024-54506
- CVE-2024-54531
- CVE-2024-54465
- CVE-2024-54491
- CVE-2024-54484
- CVE-2024-54536
- CVE-2024-54504
- CVE-2024-54474
- CVE-2024-54476
- CVE-2016-1246
- CVE-2023-31484
- CVE-2023-31486
- CVE-2023-47100
- CVE-2023-32395
- CVE-2024-54537
- CVE-2024-54559
- CVE-2024-54557
- CVE-2024-54516
- CVE-2024-54515
- CVE-2024-54528
- CVE-2024-54524
- CVE-2024-54498
- CVE-2024-54493
- CVE-2024-54533
- CVE-2024-44243
- CVE-2024-44224
- CVE-2024-54495
- CVE-2024-54549
- CVE-2024-54475
- CVE-2024-54520
- CVE-2024-54539
- CVE-2024-54565
- CVE-2025-24109
- CVE-2025-24100
- CVE-2025-24114
- CVE-2025-24121
- CVE-2025-24122
- CVE-2025-24106
- CVE-2024-44172
- CVE-2025-24174
- CVE-2025-24094
- CVE-2025-24115
- CVE-2025-24116
- CVE-2025-24136
- CVE-2025-24099
- CVE-2025-24130
- CVE-2025-24183
- CVE-2025-24146
- CVE-2025-24093
- CVE-2025-24103
- CVE-2025-24185
- CVE-2025-24139
- CVE-2025-24151
- CVE-2025-24138
- CVE-2025-24176
- CVE-2025-31242
- CVE-2025-31248
- CVE-2025-24154
- CVE-2025-43374
- CVE-2025-24120
- CVE-2025-24156
- CVE-2025-24112
- CVE-2025-24092
Frequently Asked Questions
1
What is the severity of CVE-2024-54497?
CVE-2024-54497 is classified as a denial-of-service vulnerability.
2
How do I fix CVE-2024-54497?
To fix CVE-2024-54497, update to the latest versions of the affected software as indicated in the vulnerability details.
3
What software is affected by CVE-2024-54497?
CVE-2024-54497 affects several Apple products, including iPadOS, macOS Ventura, macOS Sonoma, visionOS, tvOS, watchOS, iOS, and macOS Sequoia.
4
What versions of software contain the fix for CVE-2024-54497?
The fix for CVE-2024-54497 is included in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2, and macOS Sequoia 15.2.
5
What issue does CVE-2024-54497 address?
CVE-2024-54497 addresses an issue where processing web content could potentially lead to a denial-of-service condition.