SecuriTricks - CVE-2024-54538

Description

A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.

Product(s) Impacted

Vendor	Product	Versions
Apple	Ipados Iphone Os Macos Tvos Visionos Watchos	* * * * * *

Weaknesses

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	iphone_os	/	/	/	/	/	/	/	/
o	apple	iphone_os	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	tvos	/	/	/	/	/	/	/	/
o	apple	visionos	/	/	/	/	/	/	/	/
o	apple	watchos	/	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/121563

https://support.apple.com/en-us/121565

https://support.apple.com/en-us/121566

https://support.apple.com/en-us/121567

https://support.apple.com/en-us/121568

https://support.apple.com/en-us/121569

https://support.apple.com/en-us/121570

CVSS Score

7.5 / 10

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Date

Published: Dec. 20, 2024, 1:15 a.m.
Last Modified: Jan. 6, 2025, 3:11 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CVE-2024-54538