CVE-2024-54534
📋 TL;DR
This is a critical memory corruption vulnerability in Apple's WebKit browser engine that affects multiple Apple operating systems and Safari. Processing malicious web content could allow attackers to execute arbitrary code on affected devices. All users of unpatched Apple devices with web browsing capabilities are at risk.
💻 Affected Systems
- Safari
- WebKit-based applications
📦 What is this software?
Ipados by Apple
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Safari by Apple
Tvos by Apple
Watchos by Apple
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, and persistent malware installation.
Likely Case
Browser-based attacks delivering malware, credential theft, or ransomware through malicious websites.
If Mitigated
Limited impact with proper network segmentation, application whitelisting, and security controls in place.
🎯 Exploit Status
CVSS 9.8 indicates trivial exploitation requiring no user interaction beyond visiting a malicious website. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2, iPadOS 18.2
Vendor Advisory: https://support.apple.com/en-us/121837
Restart Required: Yes
Instructions:
1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS/visionOS. 2. Install available updates. 3. For macOS, go to System Settings > General > Software Update. 4. For Safari on older macOS versions, update through App Store.
🔧 Temporary Workarounds
Disable JavaScript
allTemporarily disable JavaScript in Safari to prevent exploitation through malicious web content.
Use Alternative Browser
allUse non-WebKit browsers like Firefox or Chrome until patches are applied.
🧯 If You Can't Patch
- Implement network filtering to block access to untrusted websites
- Enable application control to restrict execution of unauthorized binaries
🔍 How to Verify
Check if Vulnerable:
Check system version against affected versions list. If running older than patched versions, system is vulnerable.Check Version:
iOS/iPadOS: Settings > General > About > Version. macOS: Apple menu > About This Mac > macOS version. Safari: Safari menu > About Safari.Verify Fix Applied:
Verify system version matches or exceeds patched versions listed in fix_official.patch_version.📡 Detection & Monitoring
Log Indicators:
- Unexpected browser crashes
- Memory access violation logs
- Suspicious process creation from browser
Network Indicators:
- Connections to known malicious domains from Safari/WebKit processes
- Unusual outbound traffic patterns
SIEM Query:
process_name:"Safari" OR process_name:"WebKit" AND (event_type:crash OR memory_violation OR suspicious_child_process)🔗 References
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
- https://support.apple.com/en-us/121845
- https://support.apple.com/en-us/121846
- http://seclists.org/fulldisclosure/2024/Dec/11
- http://seclists.org/fulldisclosure/2024/Dec/13
- http://seclists.org/fulldisclosure/2024/Dec/5
- http://seclists.org/fulldisclosure/2024/Dec/7
- http://seclists.org/fulldisclosure/2025/Apr/5
- https://security.netapp.com/advisory/ntap-20250418-0002/
