CVE-2024-54517 – This vulnerability allows a malicious app to co... (How to Fix)

Q: What is the severity of CVE-2024-54517?

CVE-2024-54517 has a CVSS score of 7.8 (HIGH). This vulnerability allows a malicious app to corrupt coprocessor memory on Apple devices, potentially leading to system instability or unauthorized code execution. It affects macOS, iOS, iPadOS, watchOS, and tvOS before specific updates. Users running affected Apple operating systems are at risk.

📋 TL;DR

This vulnerability allows a malicious app to corrupt coprocessor memory on Apple devices, potentially leading to system instability or unauthorized code execution. It affects macOS, iOS, iPadOS, watchOS, and tvOS before specific updates. Users running affected Apple operating systems are at risk.

💻 Affected Systems

Products:

macOS
iOS
iPadOS
watchOS
tvOS

Versions: Versions before macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2, and iPadOS 18.2

Operating Systems: macOS, iOS, iPadOS, watchOS, tvOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected Apple operating systems are vulnerable before patching.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing arbitrary code execution with kernel privileges, potentially leading to data theft, persistence, or device takeover.

🟠

Likely Case

Application crashes, system instability, or limited privilege escalation within the app sandbox environment.

🟢

If Mitigated

No impact if devices are fully patched or if vulnerable apps are prevented from running.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2, iPadOS 18.2

Vendor Advisory: https://support.apple.com/en-us/121837

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Download and install the latest update for your device. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources like the App Store to prevent malicious apps from exploiting this vulnerability.

🧯 If You Can't Patch

Isolate affected devices from critical networks and sensitive data.
Implement application allowlisting to prevent unauthorized apps from executing.

🔍 How to Verify

Check if Vulnerable:

Check the operating system version against the affected versions listed above.

Check Version:

On macOS: sw_vers -productVersion. On iOS/iPadOS: Settings > General > About > Version. On watchOS/tvOS: Settings > General > About > Version.

Verify Fix Applied:

Verify the device is running macOS Sequoia 15.2 or later, watchOS 11.2 or later, tvOS 18.2 or later, iOS 18.2 or later, or iPadOS 18.2 or later.

📡 Detection & Monitoring

Log Indicators:

Unexpected application crashes, kernel panics, or memory corruption errors in system logs.

Network Indicators:

Unusual outbound connections from Apple devices to unknown destinations.

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR event="memory_corruption")

📊 Metadata

CVE ID: CVE-2024-54517

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.09% exploit probability (25.5th percentile)

Published: January 27, 2025

Last Updated: January 31, 2025

🔗 References

https://support.apple.com/en-us/121837 Release Notes
https://support.apple.com/en-us/121839 Release Notes
https://support.apple.com/en-us/121843 Release Notes
https://support.apple.com/en-us/121844 Release Notes

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-54517, you might also want to check these: