CVE-2024-54507

5.5

Medium

Published:27 Jan 2025

Last updated:17 Jun 2026

Source:product-security@apple.com

Modified

Weakness (CWE)

CWE-843CWE-843
CWE-125Out-of-bounds Read

CVSS Vector

v3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

View on MITRE Find PoC on GitHub

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.

References

product-security@apple.com

https://support.apple.com/en-us/121837

product-security@apple.com

https://support.apple.com/en-us/121839