CVE-2024-54505
📋 TL;DR
This CVE describes a type confusion vulnerability in Apple's WebKit browser engine that could allow memory corruption when processing malicious web content. Attackers could exploit this to execute arbitrary code on affected devices. All users running vulnerable versions of Apple operating systems and Safari are affected.
💻 Affected Systems
- Safari
- WebKit
📦 What is this software?
Ipados by Apple
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Safari by Apple
Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Browser sandbox escape leading to arbitrary code execution within the browser context, potentially enabling further exploitation.
If Mitigated
Limited impact due to browser sandboxing, but still potentially serious if combined with other vulnerabilities.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website) but no authentication. Type confusion vulnerabilities often require specific memory manipulation knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2, iPadOS 18.2
Vendor Advisory: https://support.apple.com/en-us/121837
Restart Required: Yes
Instructions:
1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Download and install the latest available update. 4. Restart the device when prompted.
🔧 Temporary Workarounds
Disable JavaScript
allTemporarily disable JavaScript in Safari to prevent exploitation through web content.
Use Alternative Browser
allUse a non-WebKit based browser until patches are applied.
🧯 If You Can't Patch
- Implement network filtering to block malicious websites and restrict web browsing to trusted sites only.
- Deploy application control to restrict execution of unauthorized code and enable enhanced browser sandboxing.
🔍 How to Verify
Check if Vulnerable:
Check current OS version against vulnerable versions listed in Apple advisories.Check Version:
macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version; Safari: Safari > About SafariVerify Fix Applied:
Verify OS/Safari version matches or exceeds patched versions listed in fix information.📡 Detection & Monitoring
Log Indicators:
- Crash reports from Safari/WebKit processes
- Unexpected process creation from browser context
Network Indicators:
- Connections to known malicious domains serving exploit code
- Unusual outbound traffic from browser processes
SIEM Query:
process_name:Safari AND (event_type:crash OR parent_process:explorer.exe)🔗 References
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121838
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
- https://support.apple.com/en-us/121845
- https://support.apple.com/en-us/121846
- http://seclists.org/fulldisclosure/2024/Dec/10
- http://seclists.org/fulldisclosure/2024/Dec/13
- http://seclists.org/fulldisclosure/2024/Dec/6
- http://seclists.org/fulldisclosure/2024/Dec/7
- https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html
