CVE-2024-54549: Use After Free
First published: Wed Dec 11 2024(Updated: )
Accounts. A logic issue was addressed with improved file handling.
Credit: Rodolphe BRUNETTI @eisw0lf Lupus NovaKirin @Pwnrin 7feilee Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeArsenii Kostromin (0x3c3e) Gary Kwong Anonymous Trend Micro Zero Day InitiativeJunsung Lee Trend Micro Zero Day InitiativeYe Zhang @VAR10CK Baidu Securityan anonymous researcher Joseph Ravichandran @0xjprx MIT CSAILsohybbyk Hyerean Jang Taehun Kim Youngjoo Shin CVE-2024-45490 风沐云烟 @binary_fmyy Meng Zhang (鲸落) NorthSeaClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco Talos神罚 @Pwnrin Mickey Jin @patch1t Bohdan Stasiuk @Bohdan_Stasiuk Abhay Kailasia @abhay_kailasia CRakeshkumar Talaviya Talal Haj Bakry Mysk IncTommy Mysk @mysk_co Mysk IncJacob Braun Rei @reizydev Kenneth Chew Michael DePlante @izobashi Trend Micro's Zero Day InitiativeYokesh Muthu K Mickey Jin @patch1t MicrosoftJonathan Bar Or @yo_yo_yo_jbo MicrosoftAmy @asentientbot Rodolphe BRUNETTI @eisw0lf CVE-2024-45306 Seunghyun Lee Brendon Tiszka Google Project Zerolinjy HKUS3Labchluo WHUSecLabXiangwei Zhang Tencent Security YUNDING LABTashita Software Security Lukas Bernhard Halle Winkler Politepix theoffcuts.org Trent Lloyd @lathiat D’Angelo Gonzalez CrowdStrikeSmi1e @Smi1eSEC Michael Cohen Mickey Jin @patch1t KandjiCsaba Fitzl @theevilbit KandjiD4m0n CertiK SkyFall Team Dillon Franke Google Project ZeroBenjamin Hornbeck ZUSO ARTSkadz @skadz108 ZUSO ARTChi Yuan Chang ZUSO ARTtaikosoup product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | <15.2 | |
| macOS | ||
| macOS | <15.2 | 15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/121839 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2024-54488
- CVE-2024-54541
- CVE-2024-54477
- CVE-2024-44220
- CVE-2024-54526
- CVE-2024-54527
- CVE-2024-54490
- CVE-2024-54509
- CVE-2024-54529
- CVE-2024-54550
- CVE-2024-54513
- CVE-2024-44300
- CVE-2024-54466
- CVE-2024-54489
- CVE-2024-54547
- CVE-2024-54519
- CVE-2024-54486
- CVE-2024-44291
- CVE-2024-54478
- CVE-2024-54499
- CVE-2024-54500
- CVE-2024-54517
- CVE-2024-54518
- CVE-2024-54522
- CVE-2024-54523
- CVE-2024-54506
- CVE-2024-54468
- CVE-2024-54507
- CVE-2024-54494
- CVE-2024-54510
- CVE-2024-44245
- CVE-2024-54531
- CVE-2024-54465
- CVE-2024-45490
- CVE-2024-54514
- CVE-2024-44225
- CVE-2024-54491
- CVE-2024-54484
- CVE-2024-54536
- CVE-2024-54504
- CVE-2024-54474
- CVE-2024-54476
- CVE-2024-54530
- CVE-2024-54492
- CVE-2023-32395
- CVE-2024-54497
- CVE-2024-54537
- CVE-2024-44246
- CVE-2024-54542
- CVE-2024-54501
- CVE-2024-54557
- CVE-2024-54516
- CVE-2024-54515
- CVE-2024-54528
- CVE-2024-54524
- CVE-2024-54498
- CVE-2024-54493
- CVE-2024-44243
- CVE-2024-44224
- CVE-2024-54495
- CVE-2024-54549
- CVE-2024-54475
- CVE-2024-54520
- CVE-2024-45306
- CVE-2024-54485
- CVE-2024-54479
- CVE-2024-54502
- CVE-2024-54508
- CVE-2024-54505
- CVE-2024-54534
- CVE-2024-54543
- CVE-2024-54539
Frequently Asked Questions
What is the severity of CVE-2024-54549?
CVE-2024-54549 has a severity rating that reflects potential risks to system integrity due to identified logic and state management issues.
How do I fix CVE-2024-54549?
To fix CVE-2024-54549, ensure your system is updated to macOS Sequoia version 15.2 or later.
What types of issues does CVE-2024-54549 address?
CVE-2024-54549 addresses logic, file handling, state management, and memory handling issues affecting Apple software.
Which software is affected by CVE-2024-54549?
CVE-2024-54549 affects Apple macOS Sequoia up to version 15.2.
Is there a way to check if my device is vulnerable to CVE-2024-54549?
You can check your macOS version against available updates to determine if your device is vulnerable to CVE-2024-54549.
- agent/references
- agent/type
- agent/source
- agent/description
- agent/first-publish-date
- agent/severity
- agent/event
- agent/author
- agent/last-modified-date
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- collector/apple-support
- source/Apple
- alias/CVE-2024-54474
- alias/CVE-2024-54476
- alias/CVE-2024-54530
- alias/CVE-2024-54492
- alias/CVE-2023-32395
- alias/CVE-2024-54497
- alias/CVE-2024-54537
- alias/CVE-2024-44246
- alias/CVE-2024-54542
- alias/CVE-2024-54501
- alias/CVE-2024-54557
- alias/CVE-2024-54516
- alias/CVE-2024-54515
- alias/CVE-2024-54528
- alias/CVE-2024-54524
- alias/CVE-2024-54498
- alias/CVE-2024-54493
- alias/CVE-2024-44243
- alias/CVE-2024-44224
- alias/CVE-2024-54495
- alias/CVE-2024-54549
- alias/CVE-2024-54475
- alias/CVE-2024-54520
- alias/CVE-2024-45306
- alias/CVE-2024-54485
- alias/CVE-2024-54479
- alias/CVE-2024-54502
- alias/CVE-2024-54508
- alias/CVE-2024-54505
- alias/CVE-2024-54534
- alias/CVE-2024-54543
- alias/CVE-2024-54539
- alias/CVE-2024-54466
- alias/CVE-2024-54489
- alias/CVE-2024-54547
- alias/CVE-2024-54519
- alias/CVE-2024-54486
- alias/CVE-2024-44291
- alias/CVE-2024-54478
- alias/CVE-2024-54499
- alias/CVE-2024-54500
- alias/CVE-2024-54517
- alias/CVE-2024-54518
- alias/CVE-2024-54522
- alias/CVE-2024-54523
- alias/CVE-2024-54506
- alias/CVE-2024-54468
- alias/CVE-2024-54507
- alias/CVE-2024-54494
- alias/CVE-2024-54510
- alias/CVE-2024-44245
- alias/CVE-2024-54531
- alias/CVE-2024-54465
- alias/CVE-2024-45490
- alias/CVE-2024-54514
- alias/CVE-2024-44225
- alias/CVE-2024-54491
- alias/CVE-2024-54484
- alias/CVE-2024-54536
- alias/CVE-2024-54504
- alias/CVE-2024-54526
- alias/CVE-2024-54527
- alias/CVE-2024-54490
- alias/CVE-2024-54509
- alias/CVE-2024-54529
- alias/CVE-2024-54550
- alias/CVE-2024-54513
- alias/CVE-2024-44300
- alias/CVE-2024-54541
- alias/CVE-2024-54477
- alias/CVE-2024-44220
- vendor/apple
- canonical/apple ios and macos
- canonical/macos