What is the severity of CVE-2024-54658?

CVE-2024-54658 is considered a high severity vulnerability due to its impact on Safari's Private Browsing functionality.

How do I fix CVE-2024-54658?

To fix CVE-2024-54658, update Safari to version 17.4 or later.

What impact does CVE-2024-54658 have on users?

CVE-2024-54658 may expose sensitive information during private browsing sessions, compromising user privacy.

Which versions of Safari are affected by CVE-2024-54658?

CVE-2024-54658 affects all versions of Safari prior to 17.4.

What was the cause of CVE-2024-54658?

CVE-2024-54658 was caused by improper memory handling in WebKit, leading to security vulnerabilities.

Vulnerability/
CVE-2024-54658

medium

6.5

CWE

362 119 20

5/3/2024

10/2/2025

3/3/2025

CVE-2024-54658: Race Condition

First published: Tue Mar 05 2024(Updated: )

Accessibility. A privacy issue was addressed with improved private data redaction for log entries.

Credit: anbu1024 SecANTJames Lee @Windowsrcer Johan Carlsson (joaxcar) an anonymous researcher Georg Felber Marco Squarcina Matej Rabzelj Kirin @Pwnrin luckyu @uuulucky Mickey Jin @patch1t K宝 Fudan UniversityLFY @secsys Fudan UniversityLewis Hardy Bistrit Dahal CVE-2024-23241 CVE-2024-23242 Joshua Jewett @JoshJewett33 Matthew Loewen Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik Pwn2car CVE-2024-23238 Wojciech Regula SecuRingYiğit Can YILMAZ @yilmazcanyigit Lyra Rebane (rebane2001) CVE-2024-23296 CVE-2024-23225 koocola ali yabuz Meysam Firouzi @R00tkitsmm Trend Micro Zero Day Initiative @08Tc3wBB JamfCVE-2024-23283 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Pedro Tôrres @t0rr3sp3dr0 Bohdan Stasiuk @Bohdan_Stasiuk Harsh Tyagi Junsung Lee Trend Micro Zero Day InitiativeZhenjiang Zhao pangu teamQianxin CrowdStrike Counter Adversary Operations CrowdStrike Counter Adversary OperationsAmir Bazine CrowdStrike Counter Adversary OperationsKarsten König CrowdStrike Counter Adversary OperationsDohyun Lee @l33d0hyun Lyutoon Mr.R Murray Mike CVE-2024-23235 Xinru Chi Pangu Labm4yfly with TianGong Team Legendsec at Qi'anxin GroupGuilherme Rambo Best Buddy AppsCsaba Fitzl @theevilbit OffSecCVE-2024-23205 CVE-2022-48554 Marc Newlin SkySafeBrian McNulty Stephan Casas CVE-2024-23291 CVE-2024-23220 Patrick Reardon scj643 Om Kothawade Cristian Dinca Computer ScienceRomania product-security@apple.com

Affected Software	Affected Version	How to fix
	<14.4	14.4
Apple macOS	<14.4	14.4
tvOS	<17.4	17.4
Apple Mobile Safari	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<10.4	10.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
Apple iOS, iPadOS, and watchOS	<17.4	17.4
visionOS	<1.1	1.1
	<17.4
	<17.4
	<17.4
	<14.4
	<17.4
	<1.1
	<10.4

Never miss a vulnerability like this again

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-23291
CVE-2024-23276
CVE-2024-23227
CVE-2024-27886
CVE-2024-23233
CVE-2024-23269
CVE-2024-23288
CVE-2024-23277
CVE-2024-23247
CVE-2024-23248
CVE-2024-23249
CVE-2024-23250
CVE-2024-23299
CVE-2024-23244
CVE-2024-23205
CVE-2022-48554
CVE-2024-23229
CVE-2024-27789
CVE-2024-23253
CVE-2024-23270
CVE-2024-23257
CVE-2024-23258
CVE-2024-23286
CVE-2024-23234
CVE-2024-23266
CVE-2024-23235
CVE-2024-23265
CVE-2024-23225
CVE-2024-27853
CVE-2024-23278
CVE-2024-0258
CVE-2024-23279
CVE-2024-23287
CVE-2024-23264
CVE-2024-23285
CVE-2024-27809
CVE-2024-23283
CVE-2024-27887
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2022-42816
CVE-2024-23216
CVE-2024-23267
CVE-2024-23268
CVE-2024-23274
CVE-2023-42853
CVE-2024-23275
CVE-2024-27888
CVE-2024-23255
CVE-2024-23294
CVE-2024-23296
CVE-2024-23259
CVE-2024-23273
CVE-2024-23238
CVE-2024-23239
CVE-2024-23290
CVE-2024-23232
CVE-2024-23231
CVE-2024-23230
CVE-2024-23245
CVE-2024-23292
CVE-2024-23289
CVE-2024-23293
CVE-2024-23241
CVE-2024-23272
CVE-2024-23242
CVE-2024-23281
CVE-2024-27792
CVE-2024-23261
CVE-2024-23260
CVE-2024-23246
CVE-2024-54658
CVE-2024-23226
CVE-2024-27859
CVE-2024-23254
CVE-2024-23263
CVE-2024-23280
CVE-2024-23284
CVE-2024-23297
CVE-2024-23243
CVE-2024-23262
CVE-2024-23240
CVE-2024-23220
CVE-2024-23256
CVE-2024-23295

Frequently Asked Questions

What is the severity of CVE-2024-54658?
CVE-2024-54658 is considered a high severity vulnerability due to its impact on Safari's Private Browsing functionality.
How do I fix CVE-2024-54658?
To fix CVE-2024-54658, update Safari to version 17.4 or later.
What impact does CVE-2024-54658 have on users?
CVE-2024-54658 may expose sensitive information during private browsing sessions, compromising user privacy.
Which versions of Safari are affected by CVE-2024-54658?
CVE-2024-54658 affects all versions of Safari prior to 17.4.
What was the cause of CVE-2024-54658?
CVE-2024-54658 was caused by improper memory handling in WebKit, leading to security vulnerabilities.

collector/apple-support
source/Apple
alias/CVE-2024-23230
alias/CVE-2024-23245
alias/CVE-2024-23292
alias/CVE-2024-23289
alias/CVE-2024-23293
alias/CVE-2024-23241
alias/CVE-2024-23272
alias/CVE-2024-23242
alias/CVE-2024-23281
alias/CVE-2024-27792
alias/CVE-2024-23261
alias/CVE-2024-23260
alias/CVE-2024-23246
alias/CVE-2024-54658
alias/CVE-2024-23226
alias/CVE-2024-27859
alias/CVE-2024-23254
alias/CVE-2024-23263
alias/CVE-2024-23280
alias/CVE-2024-23284
alias/CVE-2024-23239
alias/CVE-2024-23290
alias/CVE-2024-23232
alias/CVE-2024-23231
alias/CVE-2024-23273
alias/CVE-2024-23238
agent/software-canonical-lookup
alias/CVE-2024-27853
alias/CVE-2024-23278
alias/CVE-2024-0258
alias/CVE-2024-23279
alias/CVE-2024-23287
alias/CVE-2024-23264
alias/CVE-2024-23285
alias/CVE-2024-27809
alias/CVE-2024-23283
alias/CVE-2024-27887
alias/CVE-2023-48795
alias/CVE-2023-51384
alias/CVE-2023-51385
alias/CVE-2022-42816
alias/CVE-2024-23216
alias/CVE-2024-23267
alias/CVE-2024-23268
alias/CVE-2024-23274
alias/CVE-2023-42853
alias/CVE-2024-23275
alias/CVE-2024-27888
alias/CVE-2024-23255
alias/CVE-2024-23294
alias/CVE-2024-23296
alias/CVE-2024-23259
alias/CVE-2024-23257
alias/CVE-2024-23258
alias/CVE-2024-23286
alias/CVE-2024-23234
alias/CVE-2024-23266
alias/CVE-2024-23235
alias/CVE-2024-23265
alias/CVE-2024-23225
alias/CVE-2024-23248
alias/CVE-2024-23249
alias/CVE-2024-23250
alias/CVE-2024-23299
alias/CVE-2024-23244
alias/CVE-2024-23205
alias/CVE-2022-48554
alias/CVE-2024-23229
alias/CVE-2024-27789
alias/CVE-2024-23253
alias/CVE-2024-23270
alias/CVE-2024-23277
alias/CVE-2024-23247
alias/CVE-2024-23288
alias/CVE-2024-23227
alias/CVE-2024-27886
alias/CVE-2024-23233
alias/CVE-2024-23269
alias/CVE-2024-23276
alias/CVE-2024-23297
collector/mitre-cve
source/MITRE
agent/trending
agent/weakness
agent/references
agent/source
agent/author
agent/type
agent/description
agent/first-publish-date
agent/software-canonical-lookup-request
alias/CVE-2024-23240
alias/CVE-2024-23220
alias/CVE-2024-23256
alias/CVE-2024-23291
alias/CVE-2024-23262
alias/CVE-2024-23295
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
collector/nvd-api
source/NVD
vendor/apple
canonical/apple macos
canonical/tvos
canonical/apple mobile safari
canonical/apple ios, ipados, and watchos
canonical/visionos