CVE-2024-54500: 
macOS vulnerability analysis and mitigation

CVE-2024-54500 is a security vulnerability discovered in Apple's ImageIO component that affects multiple Apple operating systems including iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, watchOS 11.2, tvOS 18.2, and visionOS 2.2. The vulnerability was disclosed and patched on December 11, 2024. The issue involves the processing of maliciously crafted images that could result in the disclosure of process memory (Apple Support).

The vulnerability is related to memory handling in the ImageIO component. The issue was addressed with improved checks to prevent unauthorized disclosure of process memory. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access is required and the primary impact is on confidentiality (NVD).

When exploited, this vulnerability could allow an attacker to access process memory through a maliciously crafted image, potentially exposing sensitive information stored in the application's memory space (Apple Support, Apple Support).

Apple has addressed this vulnerability by implementing improved checks in the affected operating systems. Users should update to iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, watchOS 11.2, tvOS 18.2, or visionOS 2.2 as appropriate for their devices (Apple Support).

The vulnerability was discovered and reported by Junsung Lee working with Trend Micro Zero Day Initiative, demonstrating ongoing security research collaboration between security researchers and Apple (Apple Support).