CVE-2024-54518 – This CVE describes an out-of-bounds memory acce... (How to Fix)

Q: What is the severity of CVE-2024-54518?

CVE-2024-54518 has a CVSS score of 5.3 (MEDIUM). This CVE describes an out-of-bounds memory access vulnerability in Apple's coprocessor handling that could allow a malicious app to corrupt coprocessor memory. The issue affects multiple Apple operating systems including macOS, iOS, iPadOS, watchOS, and tvOS. Users running affected versions of these operating systems are vulnerable.

📋 TL;DR

This CVE describes an out-of-bounds memory access vulnerability in Apple's coprocessor handling that could allow a malicious app to corrupt coprocessor memory. The issue affects multiple Apple operating systems including macOS, iOS, iPadOS, watchOS, and tvOS. Users running affected versions of these operating systems are vulnerable.

💻 Affected Systems

Products:

macOS
iOS
iPadOS
watchOS
tvOS

Versions: Versions prior to macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2, and iPadOS 18.2

Operating Systems: macOS, iOS, iPadOS, watchOS, tvOS

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected versions are vulnerable by default. The vulnerability affects the coprocessor memory handling.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious app could gain elevated privileges, execute arbitrary code with kernel privileges, or cause system instability and crashes.

🟠

Likely Case

An app could cause system instability, crashes, or potentially gain access to sensitive data processed by the coprocessor.

🟢

If Mitigated

With proper app sandboxing and security controls, the impact would be limited to the app's sandbox, preventing system-wide compromise.

🌐 Internet-Facing: LOW - This requires a malicious app to be installed and executed on the device.

🏢 Internal Only: MEDIUM - Malicious apps could be distributed through enterprise app stores or sideloaded on managed devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires a malicious app to be installed and executed. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2, iPadOS 18.2

Vendor Advisory: https://support.apple.com/en-us/121837

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Download and install the latest update. 4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources like the official App Store.

For macOS: System Preferences > Security & Privacy > General > Allow apps downloaded from: App Store
For iOS/iPadOS: Settings > General > Device Management > Restrict App Installation

🧯 If You Can't Patch

Implement strict app installation policies to prevent untrusted apps from being installed
Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious app behavior

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the fix information.

Check Version:

For macOS: sw_vers -productVersion. For iOS/iPadOS: Settings > General > About > Version. For watchOS: Watch app > General > About > Version. For tvOS: Settings > General > About > Version.

Verify Fix Applied:

Verify the OS version matches or exceeds the patched versions: macOS 15.2+, iOS 18.2+, iPadOS 18.2+, watchOS 11.2+, tvOS 18.2+

📡 Detection & Monitoring

Log Indicators:

Unexpected app crashes, kernel panics, or system instability logs
Unauthorized app installation attempts

Network Indicators:

Unusual network connections from apps to unknown domains

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR event="app_crash") AND app_name NOT IN ("known_trusted_apps")

📊 Metadata

CVE ID: CVE-2024-54518

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-125

EPSS Score: 0.06% exploit probability (18.5th percentile)

Published: January 27, 2025

Last Updated: March 14, 2025

🔗 References

https://support.apple.com/en-us/121837 Release Notes,Vendor Advisory
https://support.apple.com/en-us/121839 Release Notes,Vendor Advisory
https://support.apple.com/en-us/121843 Release Notes,Vendor Advisory
https://support.apple.com/en-us/121844 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-54518, you might also want to check these: