First published: Wed Dec 11 2024(Updated: )
Accounts. A logic issue was addressed with improved file handling.
Credit: Arsenii Kostromin (0x3c3e) an anonymous researcher Mickey Jin @patch1t KandjiCsaba Fitzl @theevilbit KandjiD4m0n Mickey Jin @patch1t CertiK SkyFall Team Dillon Franke Google Project ZeroMichael Cohen D’Angelo Gonzalez CrowdStrikeRodolphe BRUNETTI @eisw0lf Lupus NovaKirin @Pwnrin 7feilee Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeGary Kwong Junsung Lee Trend Micro Zero Day Initiativesohybbyk Joseph Ravichandran @0xjprx MIT CSAILBen Roeder CVE-2024-45490 风沐云烟 @binary_fmyy Bohdan Stasiuk @Bohdan_Stasiuk Michael DePlante @izobashi Trend Micro's Zero Day InitiativeHalle Winkler Politepix (theoffcuts.org) Amy @asentientbot Claudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosRodolphe BRUNETTI @eisw0lf CVE-2024-45306 Politepix theoffcuts.org Trent Lloyd @lathiat Benjamin Hornbeck ZUSO ARTSkadz @skadz108 ZUSO ARTChi Yuan Chang ZUSO ARTtaikosoup Smi1e @Smi1eSEC Anonymous Trend Micro Zero Day InitiativeYe Zhang @VAR10CK Baidu SecurityHyerean Jang Taehun Kim Youngjoo Shin Meng Zhang (鲸落) NorthSea神罚 @Pwnrin Abhay Kailasia @abhay_kailasia CRakeshkumar Talaviya Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncJacob Braun Rei @reizydev Kenneth Chew Yokesh Muthu K Mickey Jin @patch1t MicrosoftJonathan Bar Or @yo_yo_yo_jbo MicrosoftSeunghyun Lee Brendon Tiszka Google Project Zerolinjy HKUS3Labchluo WHUSecLabXiangwei Zhang Tencent Security YUNDING LABTashita Software Security Lukas Bernhard product-security@apple.com Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple(HyeongSeok Jang) Trend Micro Zero Day InitiativeJoshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 pattern-f @pattern_F_ 云散 Pedro Tôrres @t0rr3sp3dr0 Yiğit Can YILMAZ @yilmazcanyigit Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat Yann GASCUEL Alter SolutionsAdam M. PixiePoint Security Uri Katz (Oligo Security)
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS | <14.7.2 | 14.7.2 |
Apple iOS and macOS | <14.7.2 | |
Apple iOS and macOS | >=15.0<15.2 | |
Apple macOS | >=14.7.2<14.7.3 | |
macOS | =15.2 | |
macOS | <15.2 | 15.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2024-54509 has not been assigned a severity rating yet, but it addresses critical logic and input validation issues.
To fix CVE-2024-54509, update your systems to macOS Sonoma 14.7.3 or later, or macOS Sequoia 15.2.
CVE-2024-54509 addresses a logic issue, a type confusion issue, and an out-of-bounds write issue.
CVE-2024-54509 affects macOS Sonoma versions prior to 14.7.3 and macOS Sequoia version 15.2.
Yes, macOS Sonoma 14.7.3 and macOS Sequoia 15.2 are released to address CVE-2024-54509.