CVE-2024-54509

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121839	Release Notes
https://support.apple.com/en-us/121840	Release Notes
https://support.apple.com/en-us/122069	Release Notes
http://seclists.org/fulldisclosure/2025/Jan/16

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

No history.

Information

Published : 2025-01-27 22:15

Updated : 2025-11-03 21:17

NVD link : CVE-2024-54509

Mitre link : CVE-2024-54509

CVE.ORG link : CVE-2024-54509

JSON object : View

Products Affected

apple

macos

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-54509", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-01-27T22:15:12.867", "references": [{"url": "https://support.apple.com/en-us/121839", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/121840", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122069", "tags": ["Release Notes"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/16", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Sonoma 14.7.3. Es posible que una aplicaci\u00f3n pueda provocar una terminaci\u00f3n inesperada de sistema o escribir en la memoria del kernel."}], "lastModified": "2025-11-03T21:17:49.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDA872B0-E74D-48A7-ADAE-EA2701F97007", "versionEndExcluding": "14.7.2"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A29E5D37-B333-4B43-9E4A-012CDD2C406D", "versionEndExcluding": "15.2", "versionStartIncluding": "15.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}