CVE-2024-54499Use After Free in Apple IOS AND Ipados

CWE-416Use After Free8 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 61.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple IOS AND IpadosApple MacosApple Tvos+4 more
Timeline
PublishedJan 27
Latest updateJan 28

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages11 packages

CVEListV5apple/tvos< 18.2
NVDapple/tvos< 18.2
CVEListV5apple/macos< 15.2
NVDapple/macos< 15.2
NVDapple/ipados< 18.2

🔴Vulnerability Details

2
GHSA
GHSA-5r86-xcpg-678m: A use-after-free issue was addressed with improved memory management2025-01-28
CVEList
CVE-2024-54499: A use-after-free issue was addressed with improved memory management2025-01-27

📋Vendor Advisories

5
Apple
CVE-2024-54499: macOS Sequoia 15.22024-12-11
Apple
CVE-2024-54499: watchOS11.22024-12-11
Apple
CVE-2024-54499: iOS18.2 and iPadOS18.22024-12-11
Apple
CVE-2024-54499: tvOS18.22024-12-11
Apple
CVE-2024-54499: visionOS2.22024-12-11
CVE-2024-54499 — Use After Free in Apple IOS AND Ipados | cvebase