CVE-2024-54551
📋 TL;DR
This memory handling vulnerability in Apple's web content processing allows attackers to cause denial-of-service conditions. It affects users of Apple devices and software that process web content, including Safari browsers and multiple Apple operating systems. The issue was addressed through improved memory handling in recent updates.
💻 Affected Systems
- Safari
- watchOS
- tvOS
- macOS Sonoma
- visionOS
- iOS
- iPadOS
📦 What is this software?
- iPadOS by Apple
- macOS by Apple: macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
- Safari by Apple
- tvOS by Apple
- watchOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash or freeze requiring reboot, potentially disrupting device functionality and user productivity.
Likely Case
Application crashes or hangs when processing malicious web content, disrupting browsing sessions.
If Mitigated
Minimal impact with proper patching; unpatched systems remain vulnerable to targeted attacks.
🎯 Exploit Status
Exploitation requires processing malicious web content; no public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6, iPadOS 17.6
Vendor Advisory: https://support.apple.com/en-us/120909
Restart Required: No
Instructions:
1. Open Settings/System Preferences on your Apple device.
2. Navigate to Software Update/General > Software Update.
3. Download and install the latest available update.
4. For Safari on macOS, update through System Preferences > Software Update or App Store updates.
🔧 Temporary Workarounds
Disable JavaScript
Temporarily disable JavaScript in Safari to reduce attack surface while waiting to patch.
Safari > Preferences > Security > uncheck 'Enable JavaScript'
🧯 If You Can't Patch
- Implement web content filtering to block malicious sites
- Use alternative browsers temporarily and restrict Safari usage
🔍 How to Verify
Check if Vulnerable:
Check the current OS/browser version against the affected versions list.
Check Version:
macOS: sw_vers; iOS/iPadOS: Settings > General > About > Version; Safari: Safari > About Safari
Verify Fix Applied:
Confirm that the OS/browser version matches or exceeds the patched version listed for that platform.
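As an added check that is not part of this advisory, the following POSIX shell script compares a version string, read from sw_vers -productVersion on a Mac or supplied by hand for the other platforms, against the patched versions listed in the Patch Version line above. It compares numeric components one by one so that 14.10 sorts after 14.6, which a plain string comparison gets wrong. It goes beyond the single macOS check in the text by covering every platform in that line; the lower-case platform keys, the function names and the "unknown" result for an older major release (which has its own advisory) are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the advisory: compare a reported version string
# against the patched versions the advisory lists, component by component.

# Patched versions copied from the advisory's Patch Version line. The
# lower-case platform keys are this script's own convention.
required_version() {
    case "$1" in
        macos)                  echo 14.6 ;;
        ios|ipados|safari|tvos) echo 17.6 ;;
        watchos)                echo 10.6 ;;
        visionos)               echo 1.3 ;;
        *)                      return 1 ;;
    esac
}

# version_ge INSTALLED REQUIRED: returns 0 when INSTALLED >= REQUIRED.
# Missing trailing components count as 0, so 14.6 equals 14.6.0.
version_ge() {
    inst="$1"; req="$2"
    while [ -n "$inst" ] || [ -n "$req" ]; do
        a=${inst%%.*}; b=${req%%.*}
        case "$inst" in *.*) inst=${inst#*.} ;; *) inst="" ;; esac
        case "$req"  in *.*) req=${req#*.}  ;; *) req=""  ;; esac
        a=${a:-0}; b=${b:-0}
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
    done
    return 0
}

# patch_status PLATFORM VERSION: prints "patched", "vulnerable" or "unknown".
# An older major release than the one the advisory patches (e.g. macOS 13.x
# against the 14.6 fix) is reported as "unknown" rather than guessed at,
# because that release line is covered by a separate Apple advisory.
patch_status() {
    [ -z "$2" ] && { echo unknown; return 0; }
    req=$(required_version "$1") || { echo unknown; return 0; }
    if [ "${2%%.*}" -lt "${req%%.*}" ]; then echo unknown; return 0; fi
    if version_ge "$2" "$req"; then echo patched; else echo vulnerable; fi
}

# On a Mac, read the running version with sw_vers (the command the advisory
# names for macOS); on other systems this block is simply skipped.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(patch_status macos "$v")"
fi
```

For iOS, iPadOS, tvOS, watchOS and visionOS the version has to be read from the device's About screen as described above and passed in by hand, for example `patch_status ios 17.5.1`, since those platforms expose no shell.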
📡 Detection & Monitoring
Log Indicators:
- Application crash logs for Safari or related processes
- Kernel panic logs indicating memory corruption
Network Indicators:
- Unusual web traffic patterns to known malicious sites
- Multiple connection attempts to suspicious domains
SIEM Query:
source="apple_system_logs" AND (process="Safari" OR process="WebKit") AND event="crash"
🔗 References
- https://support.apple.com/en-us/120909
- https://support.apple.com/en-us/120911
- https://support.apple.com/en-us/120913
- https://support.apple.com/en-us/120914
- https://support.apple.com/en-us/120915
- https://support.apple.com/en-us/120916
- https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html