CVE-2024-54523
Published: 27 January 2025
Summary
CVE-2024-54523 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Apple iPadOS. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 49.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires identifying, reporting, and correcting the out-of-bounds write flaw via timely patching as provided in Apple updates.
Implements memory safeguards such as non-executable memory regions and isolation to prevent exploitation of coprocessor memory corruption.
Enforces bounds checking and input validation to block out-of-bounds writes that corrupt coprocessor memory.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds write in a client app enables local memory corruption, leading to code execution or privilege escalation after the user runs a malicious app.
NVD Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.
Deeper analysis
CVE-2024-54523 is a vulnerability addressed through improved bounds checks, classified under CWE-787 (Out-of-bounds Write). It affects Apple operating systems prior to the following versions: iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, and watchOS 11.2. The flaw allows an app to corrupt coprocessor memory, with a CVSS v3.1 base score of 6.3 (AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
A local attacker who needs no privileges can exploit this vulnerability by tricking a user into interacting with a malicious app, for example by using social engineering to get it installed or executed. Successful exploitation has a high integrity impact: it corrupts coprocessor memory, potentially leading to arbitrary code execution or other system disruptions within the changed scope. It does not directly affect confidentiality or availability.
Apple security advisories, detailed in support documents such as https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, and https://support.apple.com/en-us/121844, confirm the issue was fixed via improved bounds checks in the listed software updates. Mitigation requires applying these patches promptly to vulnerable systems.
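A patch-level check against the fixed releases listed above, as an added example (not code from Apple, NVD or this site). The inventory record format, the host names and the function names are assumptions, and the sample records are constructed.

```python
import re

# Fixed releases as listed in the NVD description quoted on this page.
FIXED = {
    "ios": (18, 2),
    "ipados": (18, 2),
    "macos": (15, 2),
    "tvos": (18, 2),
    "watchos": (11, 2),
}

def parse_version(text):
    """Return a numeric tuple from strings like '18.1.1' or '15.2 (BUILD)'."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,3})", text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def patch_status(platform, version):
    """Classify one device as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # platform not listed on the page, or unparseable version
    # Pad both tuples so that '18.2' and '18.2.0' compare equal.
    width = max(len(fixed), len(parsed))
    pad = lambda t: t + (0,) * (width - len(t))
    # Anything prior to the fixed release is treated as affected, as the page states.
    return "patched" if pad(parsed) >= pad(fixed) else "vulnerable"

def triage(inventory):
    """Map each (host, platform, version) record to its status."""
    return {host: patch_status(plat, ver) for host, plat, ver in inventory}

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    ("ipad-lobby-01", "iPadOS", "18.1.1"),
    ("iphone-exec-07", "iOS", "18.2"),
    ("mbp-dev-12", "macOS", "15.1.1 (BUILD)"),
    ("watch-03", "watchOS", "11.2.0"),
    ("atv-conf-02", "tvOS", "17.6"),
    ("vision-01", "visionOS", "2.1"),
    ("ipad-kiosk-09", "iPadOS", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:16} {status}")
```

Records that come back as `unknown` need manual review against the Apple advisories linked above, since the page does not list a fixed release for those platforms.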
Details
- CWE(s)