CVE-2024-54479: 
Apple Safari vulnerability analysis and mitigation

CVE-2024-54479 is a security vulnerability affecting multiple Apple operating systems and Safari browser. The vulnerability was discovered by Seunghyun Lee and disclosed on December 11, 2024. The affected systems include iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. The issue involves processing maliciously crafted web content that may lead to an unexpected process crash (Apple Support).

The vulnerability exists in the WebKit component and is tracked as WebKit Bugzilla: 278497. The issue was addressed with improved checks in the WebKit engine. The vulnerability has a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network accessible, requires low attack complexity, needs no privileges or user interaction, and can cause high availability impact (NVD).

When exploited, this vulnerability can lead to an unexpected process crash when processing maliciously crafted web content. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity (Apple Support).

Apple has released security updates to address this vulnerability across multiple platforms. The fixes are available in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Users are advised to update their devices to these latest versions to protect against potential exploitation (Apple Support).