First published: Wed Dec 11 2024(Updated: )
Accounts. A logic issue was addressed with improved file handling.
Credit: Benjamin Hornbeck ZUSO ARTSkadz @skadz108 ZUSO ARTChi Yuan Chang ZUSO ARTtaikosoup Arsenii Kostromin (0x3c3e) an anonymous researcher Mickey Jin @patch1t Micheal Chukwu Smi1e @Smi1eSEC Bistrit Dahal Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeGary Kwong Anonymous Trend Micro Zero Day InitiativeJunsung Lee Trend Micro Zero Day InitiativeYe Zhang @VAR10CK Baidu SecurityJoseph Ravichandran @0xjprx MIT CSAILsohybbyk CVE-2024-45490 风沐云烟 @binary_fmyy Abhay Kailasia @abhay_kailasia CRakeshkumar Talaviya Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncJacob Braun Rei @reizydev Kenneth Chew Michael DePlante @izobashi Trend Micro's Zero Day InitiativeCVE-2024-45306 Seunghyun Lee Brendon Tiszka Google Project Zerolinjy HKUS3Labchluo WHUSecLabXiangwei Zhang Tencent Security YUNDING LABTashita Software Security Lukas Bernhard Rodolphe BRUNETTI @eisw0lf Lupus NovaKirin @Pwnrin 7feilee Hyerean Jang Taehun Kim Youngjoo Shin Meng Zhang (鲸落) NorthSeaClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco Talos神罚 @Pwnrin Bohdan Stasiuk @Bohdan_Stasiuk Yokesh Muthu K Mickey Jin @patch1t MicrosoftJonathan Bar Or @yo_yo_yo_jbo MicrosoftAmy @asentientbot Rodolphe BRUNETTI @eisw0lf Halle Winkler Politepix theoffcuts.org Trent Lloyd @lathiat D’Angelo Gonzalez CrowdStrikeMichael Cohen Mickey Jin @patch1t KandjiCsaba Fitzl @theevilbit KandjiD4m0n CertiK SkyFall Team Dillon Franke Google Project Zero product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/webkit2gtk | <=2.44.2-1~deb11u1 | 2.46.5-1~deb11u1 2.46.5-1~deb12u1 2.46.5-1 |
debian/wpewebkit | <=2.38.6-1~deb11u1<=2.38.6-1 | 2.46.5-1 |
Apple macOS Sequoia | <15.2 | 15.2 |
Apple visionOS | <2.2 | 2.2 |
Apple Safari | <18.2 | 18.2 |
watchOS | <11.2 | 11.2 |
tvOS | <18.2 | 18.2 |
Apple iOS | <18.2 | 18.2 |
iPadOS | <18.2 | 18.2 |
Apple Safari | <18.2 | |
iPadOS | <18.2 | |
Apple iPhone OS | <18.2 | |
Apple macOS | >=15.0<15.2 | |
tvOS | <18.2 | |
Apple visionOS | <2.2 | |
watchOS | <11.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2024-54502 has a high severity rating due to the logic issue affecting file handling and memory management.
To fix CVE-2024-54502, update your affected software to the latest version as specified in the remedy section.
CVE-2024-54502 affects various software products, including Apple macOS, iOS, iPadOS, Safari, and WebKit packages.
CVE-2024-54502 addresses issues related to logic errors, improved memory handling, and state management improvements.
There are currently no known public exploits specifically targeting CVE-2024-54502.