Medium severity5.5NVD Advisory· Published Dec 12, 2024· Updated Apr 2, 2026

CVE-2024-54500

Description

The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously crafted image may result in disclosure of process memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Processing a maliciously crafted image may disclose process memory on Apple devices; fixed in iOS 18.2, macOS Sequoia 15.2, and other updates.

CVE-2024-54500 is a vulnerability in Apple's image processing code that could lead to disclosure of process memory when handling a maliciously crafted image. The issue was addressed with improved checks in the operating system.

An attacker could exploit this vulnerability by delivering a specially crafted image to a user. If the user processes the image (e.g., by viewing it), the system may leak portions of process memory. No authentication is required, and the attack can be triggered remotely via a malicious image file.

Successful exploitation could result in the disclosure of sensitive information from process memory, such as cryptographic keys, passwords, or personal data. The CVSS v3 base score is 5.5 (Medium), reflecting the need for user interaction and the potential for memory read.

Apple has released patches in the following versions: iOS 18.2 and iPadOS 18.2 [2], iPadOS 17.7.3, macOS Sequoia 15.2 [1], macOS Sonoma 14.7.2 [3], macOS Ventura 13.7.2 [4], tvOS 18.2, visionOS 2.2, and watchOS 11.2. Users are advised to update to the latest available versions.

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <17.7.3
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.2
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: <13.7.2
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <18.2
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.2
Apple Inc./watchOS
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Range: <11.2
Apple Inc./iOSllm-fuzzy
Range: <18.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/121837nvdVendor Advisory
support.apple.com/en-us/121838nvdVendor Advisory
support.apple.com/en-us/121839nvdVendor Advisory
support.apple.com/en-us/121840nvdVendor Advisory
support.apple.com/en-us/121842nvdVendor Advisory
support.apple.com/en-us/121843nvdVendor Advisory
support.apple.com/en-us/121844nvdVendor Advisory
support.apple.com/en-us/121845nvdVendor Advisory
seclists.org/fulldisclosure/2024/Dec/10nvd
seclists.org/fulldisclosure/2024/Dec/12nvd
seclists.org/fulldisclosure/2024/Dec/6nvd
seclists.org/fulldisclosure/2024/Dec/7nvd
seclists.org/fulldisclosure/2024/Dec/9nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000