CVE-2024-54540

4.3 MEDIUM

📋 TL;DR

This CVE describes an input sanitization vulnerability in Apple Music for Windows that could allow information disclosure. When processing malicious web content, the application may leak internal state information. Only Windows users running vulnerable versions of Apple Music are affected.

💻 Affected Systems

Products:
  • Apple Music
Versions: Versions before 1.5.0.152
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Apple Music for Windows, not macOS or other platforms.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive application state information could be exfiltrated to an attacker, potentially revealing user data or system information.

🟠

Likely Case

Limited information disclosure about application internals without direct access to user data.

🟢

If Mitigated

No impact if patched or if malicious content is blocked at network level.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction with malicious web content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.0.152

Vendor Advisory: https://support.apple.com/en-us/122043

Restart Required: Yes

Instructions:

1. Open Apple Music for Windows.
2. Go to Settings > About.
3. Check that the version is 1.5.0.152 or higher.
4. If not, update via the Microsoft Store or Apple Software Update.

🔧 Temporary Workarounds

Block malicious web content

Platform: Windows

Use web filtering or content security policies to block potentially malicious web content from reaching Apple Music.

🧯 If You Can't Patch

  • Restrict Apple Music from accessing untrusted web content
  • Monitor for unusual application behavior or network traffic

🔍 How to Verify

Check if Vulnerable:

Check the Apple Music version in Settings > About. If the version is below 1.5.0.152, the installation is vulnerable.

Check Version:

Not applicable - check via Apple Music GUI Settings > About

Verify Fix Applied:

Confirm version is 1.5.0.152 or higher in Settings > About.
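For checking many machines, the GUI steps above can be scripted. The following PowerShell is an added example, not part of the advisory: it queries the installed Store package and compares its version against the fixed release. It assumes the Store package name contains "AppleMusic"; adjust the wildcard if your inventory shows a different package name.

```powershell
# Added example (not from the advisory): report whether the installed Apple Music
# for Windows Store package is below the fixed version 1.5.0.152 (CVE-2024-54540).
$FixedVersion = [version]'1.5.0.152'

function Test-AppleMusicPatched {
    param(
        # ASSUMPTION: the package name contains "AppleMusic"; change if needed.
        [string]$NamePattern = '*AppleMusic*'
    )
    # Get-AppxPackage without -AllUsers only sees the current user's packages;
    # run elevated with -AllUsers to cover every profile on the machine.
    $pkgs = Get-AppxPackage -Name $NamePattern -ErrorAction SilentlyContinue
    if (-not $pkgs) {
        return [pscustomobject]@{
            Package    = $null
            Version    = $null
            Vulnerable = $false
            Status     = 'Not installed (no matching Store package found)'
        }
    }
    foreach ($pkg in $pkgs) {
        $installed  = [version]$pkg.Version
        $vulnerable = $installed -lt $FixedVersion
        $status     = 'Patched'
        if ($vulnerable) { $status = "VULNERABLE: update to $FixedVersion or later" }
        [pscustomobject]@{
            Package    = $pkg.Name
            Version    = $installed.ToString()
            Vulnerable = $vulnerable
            Status     = $status
        }
    }
}

Test-AppleMusicPatched | Format-Table -AutoSize
```

Pipe the output to Export-Csv to collect results across a fleet.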

📡 Detection & Monitoring

Log Indicators:

  • Unusual application crashes or error messages related to content processing

Network Indicators:

  • Unexpected outbound connections from Apple Music process

SIEM Query:

(Process:AppleMusic.exe AND (EventID:1000 OR EventID:1001)) OR (Network:Outbound AND Process:AppleMusic.exe)
