Login Sign Up

CVE-2024-54501

5.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability allows an attacker to cause a denial of service (DoS) by tricking a user into processing a maliciously crafted file on affected Apple devices. It affects multiple Apple operating systems including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. Users who process untrusted files on unpatched systems are at risk.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • watchOS
  • tvOS
  • visionOS
Versions: Versions prior to the fixed releases listed in the CVE description
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable; no special configuration required for exploitation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or freeze requiring reboot, potentially disrupting device functionality and causing data loss in active applications.

🟠

Likely Case

Application crash or system instability when processing the malicious file, requiring user intervention to restore normal operation.

🟢

If Mitigated

No impact if patched; minimal disruption with proper file handling controls and user awareness.

🌐 Internet-Facing: MEDIUM - Attackers could deliver malicious files via email, messaging, or downloads, but requires user interaction.
🏢 Internal Only: LOW - Requires local file processing; internal network exposure alone doesn't increase risk significantly.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to process a malicious file; no authentication bypass needed beyond file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2

Vendor Advisory: https://support.apple.com/en-us/121837

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS/visionOS. 2. Install the latest available update. 3. For macOS, go to System Settings > General > Software Update. 4. Install the appropriate security update for your macOS version. 5. Restart the device after installation.

🔧 Temporary Workarounds

Restrict file processing

all

Avoid opening or processing files from untrusted sources to prevent exploitation.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict which applications can process files.
  • Educate users about the risks of opening files from unknown or untrusted sources.

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the CVE description.

Check Version:

iOS/iPadOS: Settings > General > About > Version. macOS: Apple menu > About This Mac > macOS version. watchOS: Watch app on iPhone > General > About > Version. tvOS: Settings > General > About > Version. visionOS: Settings > General > About > Software Version.

Verify Fix Applied:

Verify the OS version matches or exceeds the patched versions after update installation.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs related to file processing
  • System logs showing unexpected process termination

Network Indicators:

  • Unusual file downloads from untrusted sources if monitored

SIEM Query:

Search for application crash events with file-related processes on Apple devices.

📊 Metadata

CVE ID: CVE-2024-54501
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE: CWE-770
Published: December 12, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-54501, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)