A recent Apple security update fixes a vulnerability in several Apple platforms in which processing maliciously crafted web content could lead to an unexpected process crash, a denial of service. The issue is tracked as CVE-2024-54551 and is described as a memory handling problem addressed with improved memory management. The releases that carry the fix are watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6, and iPadOS 17.6.
Code Snippet
The illustrative snippet below (not Apple's code) shows the kind of faulty memory handling that leaks memory on every request and can eventually exhaust the process, leading to a denial of service. The decoder is assumed to return a heap-allocated buffer that the caller owns and is expected to free:
#include <stddef.h>
#include <string.h>

#define BUFFER_SIZE 4096

static char decoded_buffer[BUFFER_SIZE];

/* Decodes the content into a heap-allocated buffer owned by the caller. */
void decode_web_content(char* buffer, char** data, size_t* data_size);

void process_web_content(char* buffer)
{
    char* data;
    size_t data_size;
    // data_size, and therefore the size of the allocation, is attacker-controlled
    decode_web_content(buffer, &data, &data_size);
    if (data_size > BUFFER_SIZE)
    {
        return; // data is never freed: every oversized input leaks one allocation
    }
    memcpy(decoded_buffer, data, data_size);
    // data is not freed on this path either
}
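The following added example (written for this page, not Apple's code and not the original snippet) puts the leaky handler next to a hardened version that releases the decoded data on every path, and drives both with a stream of oversized messages to show that only the leaky handler accumulates live allocations. The decoder, its length-prefixed input format, the allocation counter, and the BUFFER_SIZE value are all assumptions made for the demonstration:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFFER_SIZE 64

/* Assumed stand-in for a leak detector such as LeakSanitizer: number of
 * decoder allocations that have not been freed yet. */
static size_t live_allocations = 0;

/* Assumed decoder: the "web content" is a length-prefixed blob, first byte is
 * the payload length, followed by the payload. The decoded payload is
 * heap-allocated and ownership passes to the caller. Returns 0 on success. */
static int decode_web_content(const unsigned char *buffer, size_t buffer_len,
                              unsigned char **data, size_t *data_size)
{
    if (buffer_len == 0) return -1;
    size_t n = buffer[0];
    if (n > buffer_len - 1) return -1;      /* truncated input: refuse it */
    unsigned char *out = malloc(n ? n : 1);
    if (out == NULL) return -1;
    memcpy(out, buffer + 1, n);
    live_allocations++;
    *data = out;
    *data_size = n;
    return 0;
}

static void release_decoded(unsigned char *p)
{
    free(p);
    live_allocations--;
}

static unsigned char decoded_buffer[BUFFER_SIZE];

/* Leaky handler, mirroring the page's snippet: returns 1 if the content was
 * copied, 0 if it was rejected. The decoded data is never freed. */
int process_web_content_leaky(const unsigned char *buffer, size_t buffer_len)
{
    unsigned char *data;
    size_t data_size;
    if (decode_web_content(buffer, buffer_len, &data, &data_size) != 0) return 0;
    if (data_size > BUFFER_SIZE)
        return 0;                           /* early return: allocation leaked */
    memcpy(decoded_buffer, data, data_size);
    return 1;                               /* allocation leaked here too */
}

/* Hardened handler: one exit path, the decoded data is always released. */
int process_web_content_fixed(const unsigned char *buffer, size_t buffer_len)
{
    unsigned char *data = NULL;
    size_t data_size = 0;
    int copied = 0;
    if (decode_web_content(buffer, buffer_len, &data, &data_size) != 0) return 0;
    if (data_size <= BUFFER_SIZE) {
        memcpy(decoded_buffer, data, data_size);
        copied = 1;
    }
    release_decoded(data);
    return copied;
}

/* Feed 'rounds' oversized messages (constructed input: declared length 200,
 * larger than BUFFER_SIZE) to a handler and report how many allocations are
 * still live afterwards. */
size_t leaked_after(int (*handler)(const unsigned char *, size_t), int rounds)
{
    unsigned char msg[1 + 200];
    msg[0] = 200;
    memset(msg + 1, 'A', 200);
    size_t before = live_allocations;
    for (int i = 0; i < rounds; i++) handler(msg, sizeof msg);
    return live_allocations - before;
}

/* Constructed well-formed input (10 bytes) to confirm a handler still accepts
 * content that fits in the buffer. */
int handles_small(int (*handler)(const unsigned char *, size_t))
{
    unsigned char msg[1 + 10];
    msg[0] = 10;
    memset(msg + 1, 'B', 10);
    return handler(msg, sizeof msg);
}

int main(void)
{
    printf("leaky handler, live allocations after 1000 messages: %zu\n",
           leaked_after(process_web_content_leaky, 1000));
    printf("fixed handler, live allocations after 1000 messages: %zu\n",
           leaked_after(process_web_content_fixed, 1000));
    return 0;
}
```

In a real renderer the same pattern shows up as unbounded growth of the process's heap under a page that keeps re-fetching or re-decoding content; running the leaky handler under AddressSanitizer with leak detection enabled (`-fsanitize=address`) reports the unreleased allocations at exit, which is the kind of check that catches this class of bug before it ships.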
Exploit Details
An attacker who can get a target to load maliciously crafted web content, for example by luring the user to a web page, can crash the process that handles that content, denying service to the application or service it belongs to. The advisory describes the outcome as an unexpected process crash caused by memory mismanagement; no code execution is attributed to this issue. The affected functionality stays unavailable until the crashed process or app is relaunched. Because the bug spans watchOS, tvOS, Safari, macOS, visionOS, iOS, and iPadOS, it affects a broad range of Apple devices.
Original References and Links
For more information about CVE-2024-54551 and its impact on affected systems, see the following resources:
1. Apple Support: Security Update for Multiple Platforms (link to the specific support page)
2. CVE Details: Details for CVE-2024-54551 (link to cvedetails.com/CVE-2024-54551)
3. National Vulnerability Database: CVE-2024-54551 Detail (link to https://nvd.nist.gov/vuln/detail/CVE-2024-54551)
How to update your device and protect it from CVE-2024-54551
To address this vulnerability, update to the version of the relevant software that carries the fix. The releases that include the fix for CVE-2024-54551 are:
watchOS 10.6
tvOS 17.6
Safari 17.6
macOS Sonoma 14.6
visionOS 1.3
iOS 17.6
iPadOS 17.6
Install the update directly from the device (Settings > General > Software Update on iPhone and iPad, System Settings > General > Software Update on a Mac running Sonoma) or through Apple's software update pages, and confirm the installed version afterwards to be sure the fix is in place.
Timeline
Published on: 03/21/2025 00:15:18 UTC
Last modified on: 03/24/2025 15:10:00 UTC