VYPR
High severity 7.5 · NVD Advisory · Published Dec 12, 2024 · Updated Apr 2, 2026

CVE-2024-54508

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Processing malicious web content in Safari and other Apple WebKit-based applications can cause an unexpected process crash due to a memory handling issue.

CVE-2024-54508 is a memory handling vulnerability in Apple's WebKit engine, affecting Safari and other applications that process web content. The issue arises from improper memory management, which can be triggered by maliciously crafted web content, leading to an unexpected process crash [1][2].

Exploitation

An attacker can exploit this vulnerability by hosting a specially crafted webpage or injecting malicious content into a website. When a user visits the page using a vulnerable version of Safari or any WebKit-based browser on affected Apple platforms, the exploit triggers the memory flaw, causing the browser or application to crash. No authentication is required, and the attack can be delivered remotely via standard web browsing [1][4].

Impact

Successful exploitation results in denial of service due to application termination. Although the crash itself does not lead to data theft or code execution, it can disrupt user activity and potentially be used in combination with other vulnerabilities for more severe attacks. Apple rates this as High severity with a CVSS v3 score of 7.5.

Mitigation

Apple has addressed the issue in updates: Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2 [1][2][3][4]. Users are advised to update their devices to the latest available versions to mitigate the risk.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

53

References

13
