CVE-2024-54479
📋 TL;DR
This vulnerability in Apple's WebKit browser engine allows processing malicious web content to cause unexpected process crashes. It affects users of Safari browser and Apple operating systems including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. The issue could potentially be leveraged for denial of service attacks against affected devices.
💻 Affected Systems
- Safari
- iOS
- iPadOS
- macOS
- watchOS
- tvOS
- visionOS
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Safari by Apple
Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker could craft a malicious website that crashes the browser or system processes when visited, potentially leading to denial of service or as part of a chain for more severe exploitation.
Likely Case
Most probable impact is browser or application crashes when visiting malicious websites, causing temporary denial of service and potential data loss in unsaved work.
If Mitigated
With proper controls like updated software and web filtering, impact is limited to potential crashes of isolated browser processes.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website) but no authentication. Apple has addressed the issue but hasn't disclosed technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2
Vendor Advisory: https://support.apple.com/en-us/121837
Restart Required: Yes
Instructions:
1. Open Settings app. 2. Go to General > Software Update. 3. Download and install available updates. 4. Restart device when prompted.
🔧 Temporary Workarounds
Disable JavaScript
allTemporarily disable JavaScript in Safari to prevent execution of malicious web content
Use alternative browser
allUse non-WebKit based browsers until systems can be patched
🧯 If You Can't Patch
- Implement web content filtering to block known malicious sites
- Educate users about phishing risks and safe browsing practices
🔍 How to Verify
Check if Vulnerable:
Check current OS version against patched versions listed in Apple advisoriesCheck Version:
On macOS: sw_vers; On iOS/iPadOS: Settings > General > About > Version; In Safari: Safari > About SafariVerify Fix Applied:
Verify OS/browser version matches or exceeds patched versions: iPadOS 17.7.3+, watchOS 11.2+, visionOS 2.2+, tvOS 18.2+, macOS Sequoia 15.2+, Safari 18.2+, iOS 18.2+, iPadOS 18.2+📡 Detection & Monitoring
Log Indicators:
- Unexpected Safari/WebKit process crashes
- Browser crash reports
- Kernel panic logs following web browsing
Network Indicators:
- Connections to suspicious domains followed by browser crashes
- Unusual web traffic patterns
SIEM Query:
source="apple_system_logs" AND (process="Safari" OR process="WebKit") AND event="crash"🔗 References
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121838
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
- https://support.apple.com/en-us/121845
- https://support.apple.com/en-us/121846
- http://seclists.org/fulldisclosure/2024/Dec/10
- http://seclists.org/fulldisclosure/2024/Dec/13
- http://seclists.org/fulldisclosure/2024/Dec/6
- http://seclists.org/fulldisclosure/2024/Dec/7
- https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html
