CVE-2024-54543: Use After Free
Published Dec 11, 2024
·Updated
Accounts. A logic issue was addressed with improved file handling.
Other sources
Accounts. This issue was addressed with improved data access restriction.
— Apple
AirPlay. A null pointer dereference was addressed with improved input validation.
— Apple
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
AirPlay. A use-after-free issue was addressed with improved memory management.
— Apple
AirPlay. An access issue was addressed with improved access restrictions.
— Apple
Credit
CVE-2024-45306, Seunghyun Lee, Brendon Tiszka(Google Project Zero), linjy(HKUS3Lab), chluo(WHUSecLab), Xiangwei Zhang(Tencent Security YUNDING LAB), Gary Kwong, Tashita Software Security, Lukas Bernhard, an anonymous researcher, Arsenii Kostromin (0x3c3e), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Anonymous(Trend Micro Zero Day Initiative), Junsung Lee(Trend Micro Zero Day Initiative), sohybbyk, CVE-2024-45490, Andrew James Gonzalez, Dragon Fruit Security (Davis Dai, ORAC 落云, Frank Du cooperative discovery), Abhay Kailasia@@abhay_kailasia(C), Rakeshkumar Talaviya, Tomomasa Hiraiwa, Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Michael DePlante@@izobashi(Trend Micro's Zero Day Initiative), Jacob Braun, Rei@@reizydev, Kenneth Chew, Mickey Jin@@patch1t, Bistrit Dahal, Ye Zhang@@VAR10CK(Baidu Security), Joseph Ravichandran@@0xjprx(MIT CSAIL), 风沐云烟@@binary_fmyy, Wojciech Regula(SecuRing), Micheal Chukwu, Smi1e@@Smi1eSEC, Benjamin Hornbeck(ZUSO ART), Skadz@@skadz108(ZUSO ART), Chi Yuan Chang(ZUSO ART), taikosoup, Lehan Dilusha@@zafer, Uri Katz (Oligo Security), Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Kirin@@Pwnrin, CVE-2025-24085, CVE-2024-9681, LFY@@secsys(Fudan University), Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), CVE-2025-27113, CVE-2024-56171, Jimmy, Jax Reissner, @@RenwaX23, Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Richard Hyunho Im with routezero.security@@richeeta, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc, Apple, Paul Bakker(ParagonERP), rheza@@ginggilBesel, Francisco Alonso@@revskills, Mickey Jin@@patch1t(Kandji), Csaba Fitzl@@theevilbit(Kandji), D4m0n, CertiK SkyFall Team, Dillon Franke(Google Project Zero), Michael Cohen, D’Angelo Gonzalez(CrowdStrike), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), 7feilee, Hyerean Jang, Taehun Kim, Youngjoo Shin, Meng Zhang (鲸落)(NorthSea), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), 神罚@@Pwnrin, Bohdan Stasiuk@@Bohdan_Stasiuk, CVE-2016-1246, CVE-2023-31484, CVE-2023-31486, CVE-2023-47100, Zhongquan Li@@Guluisacat, Yokesh Muthu K, Csaba Fitzl@@theevilbit(OffSec), Mickey Jin@@patch1t(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Amy@@asentientbot, Rodolphe BRUNETTI@@eisw0lf, Halle Winkler, Politepix theoffcuts.org, Trent Lloyd@@lathiat
Affected Software
22 affected componentsFixes available
Apple visionOS<2.2
2.2
Apple Safari<18.2
18.2
Apple visionOS<2.2
Apple tvOS<18.2
Apple Safari<18.2
Apple WatchOS<11.2
Apple iOS<18.2
Apple iPadOS<18.2
Apple macOS Sequoia<15.2
Apple Safari<18.2
Apple iPadOS<18.2
Apple iPhone OS<18.2
Apple macOS<15.2
Apple tvOS<18.2
Apple visionOS<2.2
Apple WatchOS<11.2
Apple WatchOS<11.2
11.2
Apple tvOS<18.2
18.2
Apple iOS<18.2
18.2
Apple iPadOS<18.2
18.2
Apple macOS Sequoia<15.2
15.2
Apple iPadOS<17.7.6
17.7.6
Event History
Dec 11, 2024
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Jan 27, 2025
CVE Published
via MITRE·09:46 PM
Data Sourced
via MITRE·09:46 PM
DescriptionWeakness
Data Sourced
via NVD·10:15 PM
DescriptionSeverityWeaknessAffected Software
Feb 10, 2025
Data Sourced
via Red Hat·09:37 AM
DescriptionSeverityAffected Software
Mar 31, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2024-54541
- CVE-2024-54513
- CVE-2024-54486
- CVE-2024-54478
- CVE-2024-54499
- CVE-2024-54500
- CVE-2024-44245
- CVE-2024-54494
- CVE-2024-45490
- CVE-2024-54525
- CVE-2024-54530
- CVE-2024-54492
- CVE-2024-54497
- CVE-2024-54501
- CVE-2024-45306
- CVE-2024-54479
- CVE-2024-54502
- CVE-2024-54508
- CVE-2024-54505
- CVE-2024-54534
- CVE-2024-54543
- CVE-2024-44246
- CVE-2024-54542
- CVE-2024-40864
- CVE-2024-54526
- CVE-2024-54527
- CVE-2024-54512
- CVE-2024-54517
- CVE-2024-54518
- CVE-2024-54522
- CVE-2024-54523
- CVE-2024-54468
- CVE-2024-54510
- CVE-2024-54514
- CVE-2024-44225
- CVE-2024-54488
- CVE-2024-54503
- CVE-2024-54550
- CVE-2024-54507
- CVE-2024-44276
- CVE-2024-54485
- CVE-2025-24221
- CVE-2025-24131
- CVE-2025-24270
- CVE-2025-24271
- CVE-2025-24177
- CVE-2025-24179
- CVE-2025-24251
- CVE-2025-31197
- CVE-2025-24252
- CVE-2025-30445
- CVE-2025-24206
- CVE-2025-43205
- CVE-2025-24243
- CVE-2025-24244
- CVE-2025-24237
- CVE-2025-30429
- CVE-2025-24212
- CVE-2025-24215
- CVE-2025-24230
- CVE-2025-24085
- CVE-2025-24190
- CVE-2025-24211
- CVE-2025-31203
- CVE-2024-9681
- CVE-2025-30447
- CVE-2025-24210
- CVE-2025-30432
- CVE-2025-24203
- CVE-2025-27113
- CVE-2024-56171
- CVE-2025-24178
- CVE-2025-30426
- CVE-2025-30428
- CVE-2025-24173
- CVE-2025-24113
- CVE-2025-30471
- CVE-2025-30465
- CVE-2025-30433
- CVE-2025-24198
- CVE-2025-24205
- CVE-2025-24201
- CVE-2025-30425
- CVE-2025-24216
- CVE-2025-24264
- CVE-2025-30427
- CVE-2025-24209
- CVE-2024-54477
- CVE-2024-44220
- CVE-2024-54490
- CVE-2024-54509
- CVE-2024-54568
- CVE-2024-54529
- CVE-2024-44271
- CVE-2024-44300
- CVE-2024-54466
- CVE-2024-54489
- CVE-2024-54547
- CVE-2024-54519
- CVE-2024-44291
- CVE-2024-54506
- CVE-2024-54531
- CVE-2024-54465
- CVE-2024-54491
- CVE-2024-54484
- CVE-2024-54536
- CVE-2024-54504
- CVE-2024-54474
- CVE-2024-54476
- CVE-2016-1246
- CVE-2023-31484
- CVE-2023-31486
- CVE-2023-47100
- CVE-2023-32395
- CVE-2024-54537
- CVE-2024-54559
- CVE-2024-54557
- CVE-2024-54516
- CVE-2024-54515
- CVE-2024-54528
- CVE-2024-54524
- CVE-2024-54498
- CVE-2024-54493
- CVE-2024-54533
- CVE-2024-44243
- CVE-2024-44224
- CVE-2024-54495
- CVE-2024-54549
- CVE-2024-54475
- CVE-2024-54520
- CVE-2024-54539
- CVE-2024-54565
Frequently Asked Questions
1
What is the severity of CVE-2024-54543?
CVE-2024-54543 has a high severity due to its potential for memory corruption from maliciously crafted web content.
2
How do I fix CVE-2024-54543?
To fix CVE-2024-54543, update your device to the latest version of the affected software: visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2, iPadOS 18.2, or macOS Sequoia 15.2.
3
What systems are affected by CVE-2024-54543?
CVE-2024-54543 affects Apple visionOS, tvOS, Safari, watchOS, iOS, iPadOS, and macOS Sequoia prior to their respective fixed versions.
4
What kind of attacks can exploit CVE-2024-54543?
CVE-2024-54543 can be exploited through processing maliciously crafted web content that leads to memory corruption.
5
Is there a workaround for CVE-2024-54543?
There are no specific workarounds for CVE-2024-54543, and users are advised to update to the patched versions as soon as possible.