First published: Wed Dec 11 2024(Updated: )
Accounts. A logic issue was addressed with improved file handling.
Credit: Benjamin Hornbeck ZUSO ARTSkadz @skadz108 ZUSO ARTChi Yuan Chang ZUSO ARTtaikosoup Arsenii Kostromin (0x3c3e) an anonymous researcher Mickey Jin @patch1t Micheal Chukwu Smi1e @Smi1eSEC Bistrit Dahal Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeGary Kwong Anonymous Trend Micro Zero Day InitiativeJunsung Lee Trend Micro Zero Day InitiativeYe Zhang @VAR10CK Baidu SecurityJoseph Ravichandran @0xjprx MIT CSAILsohybbyk CVE-2024-45490 风沐云烟 @binary_fmyy Abhay Kailasia @abhay_kailasia CRakeshkumar Talaviya Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncJacob Braun Rei @reizydev Kenneth Chew Michael DePlante @izobashi Trend Micro's Zero Day InitiativeCVE-2024-45306 Seunghyun Lee Brendon Tiszka Google Project Zerolinjy HKUS3Labchluo WHUSecLabXiangwei Zhang Tencent Security YUNDING LABTashita Software Security Lukas Bernhard Rodolphe BRUNETTI @eisw0lf Lupus NovaKirin @Pwnrin 7feilee Hyerean Jang Taehun Kim Youngjoo Shin Meng Zhang (鲸落) NorthSeaClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco Talos神罚 @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Yokesh Muthu K Mickey Jin @patch1t MicrosoftJonathan Bar Or @yo_yo_yo_jbo MicrosoftAmy @asentientbot Rodolphe BRUNETTI @eisw0lf Halle Winkler Politepix theoffcuts.org Trent Lloyd @lathiat D’Angelo Gonzalez CrowdStrikeDongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra Michael DePlante @izobashi Trend Micro Zero Day InitiativeUri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeMichael Cohen Mickey Jin @patch1t KandjiCsaba Fitzl @theevilbit KandjiCertiK SkyFall Team Dillon Franke Google Project Zero product-security@apple.com Wang Yu CyberservalJoshua Jones 云散 Pedro Tôrres @t0rr3sp3dr0 Yiğit Can YILMAZ @yilmazcanyigit Zhongquan Li @Guluisacat Yann GASCUEL Alter SolutionsAdam M. PixiePoint Security
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS Sequoia | <15.2 | 15.2 |
Apple visionOS | <2.2 | 2.2 |
watchOS | <11.2 | 11.2 |
tvOS | <18.2 | 18.2 |
Apple macOS | <14.7.3 | 14.7.3 |
Apple macOS | <13.7.3 | 13.7.3 |
iPadOS | <17.7.4 | |
Apple macOS | <13.7.3 | |
Apple macOS | <14.7.3 | |
Apple visionOS | <2.2 | |
tvOS | <18.2 | |
watchOS | <11.2 | |
Apple iOS | <18.2 | |
Apple macOS Sequoia | <15.2 | |
Apple iOS | <18.2 | 18.2 |
iPadOS | <18.2 | 18.2 |
iPadOS | <17.7.4 | 17.7.4 |
iPadOS | <17.7.4 | |
iPadOS | >=18.0<18.2 | |
Apple iPhone OS | <18.2 | |
Apple macOS | <13.7.3 | |
Apple macOS | >=14.0<=14.7.3 | |
Apple macOS | >=15.0<15.2 | |
tvOS | <18.2 | |
Apple visionOS | <2.2 | |
watchOS | <11.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2024-54497 is classified as a denial-of-service vulnerability.
To fix CVE-2024-54497, update to the latest versions of the affected software as indicated in the vulnerability details.
CVE-2024-54497 affects several Apple products, including iPadOS, macOS Ventura, macOS Sonoma, visionOS, tvOS, watchOS, iOS, and macOS Sequoia.
The fix for CVE-2024-54497 is included in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2, and macOS Sequoia 15.2.
CVE-2024-54497 addresses an issue where processing web content could potentially lead to a denial-of-service condition.