Login Sign Up

CVE-2024-54510

5.1 MEDIUM

📋 TL;DR

A race condition vulnerability in Apple operating systems could allow malicious apps to leak sensitive kernel state information. This affects multiple Apple devices including iPhones, iPads, Macs, Apple Watches, and Apple TVs. The vulnerability has been addressed in recent security updates.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • Mac
  • Apple Watch
  • Apple TV
Versions: Versions prior to iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2, iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2
Operating Systems: iOS, iPadOS, macOS, watchOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All affected Apple devices with unpatched operating systems are vulnerable by default.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could gain access to sensitive kernel memory contents, potentially leading to privilege escalation or information disclosure about system internals.

🟠

Likely Case

Malicious apps could leak kernel state information, potentially enabling further exploitation or information gathering about the device.

🟢

If Mitigated

With proper app sandboxing and security controls, exploitation would be limited to information disclosure within the app's context.

🌐 Internet-Facing: LOW - This requires local app execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires malicious app installation, but could be exploited by compromised internal apps.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed and race condition timing to be successfully triggered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2

Vendor Advisory: https://support.apple.com/en-us/121837

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS. 2. Go to System Settings > General > Software Update on macOS. 3. Download and install the latest available update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only install apps from trusted sources like the official App Store to reduce risk of malicious apps.

🧯 If You Can't Patch

  • Implement strict app installation policies to prevent untrusted apps from being installed
  • Monitor for unusual app behavior and consider app whitelisting

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version.

Check Version:

iOS/iPadOS/watchOS/tvOS: No command line, use Settings app. macOS: sw_vers -productVersion

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed in fix_official.patch_version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual kernel memory access patterns
  • App crash reports involving kernel space

Network Indicators:

  • No direct network indicators - local exploitation only

SIEM Query:

No specific SIEM query - monitor for app installation events and kernel panic logs

📊 Metadata

CVE ID: CVE-2024-54510
CVSS v3 Score: 5.1 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-362
Published: December 12, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-54510, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)