CVE-2024-54507

Medium

Published: 27 January 2025

Modified: 02 April 2026
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0013 (31.5th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54507 is a medium-severity Type Confusion (CWE-843) vulnerability in Apple iPadOS. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 31.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-54507 is a type confusion vulnerability addressed through improved memory handling in Apple operating systems. It affects iOS versions prior to 18.2, iPadOS versions prior to 18.2, and macOS Sequoia versions prior to 15.2. Associated with CWE-843 (Type Confusion) and CWE-125 (Out-of-bounds Read), the issue carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

A local attacker with user privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables reading of kernel memory, providing high confidentiality impact while leaving integrity and availability unaffected.

Apple's security content advisories confirm the issue was fixed in iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2. Additional details are available at https://support.apple.com/en-us/121837 and https://support.apple.com/en-us/121839.

Vulnerability details

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An attacker with user privileges may be able to read kernel memory.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1003 OS Credential Dumping (tactic: Credential Access)
Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.

Why these techniques?

Kernel memory disclosure via local type confusion directly enables credential access through exploitation (T1212) and facilitates OS credential dumping (T1003) by exposing sensitive kernel data.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-43655 (same product: Apple iPadOS)
CVE-2026-28855 (same product: Apple iPadOS)
CVE-2026-28952 (same product: Apple iPadOS)
CVE-2026-28929 (same product: Apple iPadOS)
CVE-2026-28954 (same product: Apple iPadOS)
CVE-2025-43300 (same product: Apple iPadOS)
CVE-2025-43202 (same product: Apple iPadOS)
CVE-2024-44227 (same product: Apple iPadOS)
CVE-2025-30456 (same product: Apple iPadOS)
CVE-2026-28951 (same product: Apple iPadOS)

Affected Assets

Vendor   Product     Version
apple    ipados      ≤ 18.2
apple    iphone os   ≤ 18.2
apple    macos       ≤ 15.2

Mitigating Controls (NIST 800-53 r5, AI)

Prevent: Directly addresses type confusion and out-of-bounds read vulnerabilities through controls minimizing the impact of memory handling flaws that enable kernel memory disclosure.

Prevent: Ensures timely remediation of known flaws like CVE-2024-54507 via patching, preventing local privilege exploitation for kernel memory reads.

Prevent: Enforces process isolation between user-mode and kernel-mode to limit unauthorized access to kernel memory even if type confusion occurs.
