SecuriTricks - CVE-2024-54551

Description

The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.

Product(s) Impacted

Vendor	Product	Versions
Apple	Watchos Tvos Safari Macos Sonoma Visionos Ios Ipados	10.6 17.6 17.6 14.6 1.3 17.6 17.6

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	watchos	10.6	/	/	/	/	/	/	/
o	apple	tvos	17.6	/	/	/	/	/	/	/
a	apple	safari	17.6	/	/	/	/	/	/	/
o	apple	macos_sonoma	14.6	/	/	/	/	/	/	/
o	apple	visionos	1.3	/	/	/	/	/	/	/
o	apple	ios	17.6	/	/	/	/	/	/	/
o	apple	ipadOS	17.6	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/120909

https://support.apple.com/en-us/120911

https://support.apple.com/en-us/120913

https://support.apple.com/en-us/120914

https://support.apple.com/en-us/120915

https://support.apple.com/en-us/120916

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: March 21, 2025, 12:15 a.m.
Last Modified: March 21, 2025, 5:15 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CVE-2024-54551