CVE-2024-54502: Use After Free

Published Dec 11, 2024
·
Updated

Accounts. A logic issue was addressed with improved file handling.

Other sources

Accounts. This issue was addressed with improved data access restriction.

Apple

AirPlay. A null pointer dereference was addressed with improved input validation.

Apple

AirPlay. A type confusion issue was addressed with improved checks.

Apple

AirPlay. A use-after-free issue was addressed with improved memory management.

Apple

AirPlay. An access issue was addressed with improved access restrictions.

Apple

Credit

CVE-2024-45306, Seunghyun Lee, Brendon Tiszka(Google Project Zero), linjy(HKUS3Lab), chluo(WHUSecLab), Xiangwei Zhang(Tencent Security YUNDING LAB), Gary Kwong, Tashita Software Security, Lukas Bernhard, an anonymous researcher, Arsenii Kostromin (0x3c3e), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Anonymous(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), sohybbyk, CVE-2024-45490, Andrew James Gonzalez, Dragon Fruit Security (Davis Dai, ORAC 落云, Frank Du cooperative discovery), Abhay Kailasia@@abhay_kailasia(C), Rakeshkumar Talaviya, Tomomasa Hiraiwa, Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative), Jacob Braun, Rei@@reizydev, Kenneth Chew, Mickey Jin@@patch1t, Bistrit Dahal, Ye Zhang@@VAR10CK(Baidu Security), Joseph Ravichandran@@0xjprx(MIT CSAIL), 风沐云烟@@binary_fmyy, Wojciech Regula(SecuRing), Micheal Chukwu, Smi1e@@Smi1eSEC, Benjamin Hornbeck(ZUSO ART), Skadz@@skadz108(ZUSO ART), Chi Yuan Chang(ZUSO ART), taikosoup, Lehan Dilusha@@zafer, Uri Katz (Oligo Security), Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Kirin@@Pwnrin, CVE-2025-24085, CVE-2024-9681, LFY@@secsys(Fudan University), Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), CVE-2025-27113, CVE-2024-56171, Jimmy, Jax Reissner, @@RenwaX23, Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Richard Hyunho Im with routezero.security@@richeeta, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc, Apple, Paul Bakker(ParagonERP), rheza@@ginggilBesel, Francisco Alonso@@revskills, Mickey Jin@@patch1t(Kandji), Csaba Fitzl@@theevilbit(Kandji), D4m0n, CertiK SkyFall Team, Dillon Franke(Google Project Zero), Michael Cohen, D’Angelo Gonzalez(CrowdStrike), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), 7feilee, Hyerean Jang, Taehun Kim, Youngjoo Shin, Meng Zhang (鲸落)(NorthSea), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), 神罚@@Pwnrin, Bohdan Stasiuk@@Bohdan_Stasiuk, CVE-2016-1246, CVE-2023-31484, CVE-2023-31486, CVE-2023-47100, Zhongquan Li@@Guluisacat, Yokesh Muthu K, Csaba Fitzl@@theevilbit(OffSec), Mickey Jin@@patch1t(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Amy@@asentientbot, Rodolphe BRUNETTI@@eisw0lf, Halle Winkler, Politepix theoffcuts.org, Trent Lloyd@@lathiat

Affected Software

17 affected componentsFixes available
debian/webkit2gtk<=2.44.2-1~deb11u1
2.46.5-1~deb11u12.46.5-1~deb12u12.46.5-1
debian/wpewebkit<=2.38.6-1~deb11u1, <=2.38.6-1
2.46.5-1
Apple visionOS<2.2
2.2
Apple Safari<18.2
18.2
Apple Safari<18.2
Apple iPadOS<18.2
Apple iPhone OS<18.2
Apple macOS>=15.0<15.2
Apple tvOS<18.2
Apple visionOS<2.2
Apple WatchOS<11.2
Apple WatchOS<11.2
11.2
Apple tvOS<18.2
18.2
Apple iOS<18.2
18.2
Apple iPadOS<18.2
18.2
Apple macOS Sequoia<15.2
15.2
Apple iPadOS<17.7.6
17.7.6

Event History

Dec 11, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
CVE Published
via MITRE·10:58 PM
Data Sourced
via MITRE·10:58 PM
DescriptionWeakness
Dec 12, 2024
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeaknessAffected Software
Dec 23, 2024
Data Sourced
via Red Hat·01:18 PM
DescriptionSeverityAffected Software
Jan 17, 2025
Data Sourced
via Ubuntu·04:02 PM
RemedyDescriptionSeverityAffected Software
Mar 31, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-54502?

CVE-2024-54502 has a high severity rating due to the logic issue affecting file handling and memory management.

2

How do I fix CVE-2024-54502?

To fix CVE-2024-54502, update your affected software to the latest version as specified in the remedy section.

3

What software is affected by CVE-2024-54502?

CVE-2024-54502 affects various software products, including Apple macOS, iOS, iPadOS, Safari, and WebKit packages.

4

What types of issues are addressed by CVE-2024-54502?

CVE-2024-54502 addresses issues related to logic errors, improved memory handling, and state management improvements.

5

Are there any known exploits for CVE-2024-54502?

There are currently no known public exploits specifically targeting CVE-2024-54502.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203