CVE-2024-54508: 
Apple Safari vulnerability analysis and mitigation

CVE-2024-54508 is a security vulnerability affecting Apple's WebKit browser engine that was disclosed on December 11, 2024. The vulnerability impacts multiple Apple operating systems including watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. The issue was discovered by researchers linjy of HKUS3Lab, chluo of WHUSecLab, and Xiangwei Zhang of Tencent Security YUNDING LAB (Apple Support).

The vulnerability is related to memory handling in WebKit, where processing maliciously crafted web content may lead to an unexpected process crash. The issue was tracked as WebKit Bugzilla: 282180 and has been assigned a CVSS v3.1 base score of 7.5 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability was addressed by Apple through improved memory handling mechanisms (NVD).

When exploited, this vulnerability allows an attacker to cause an unexpected process crash through processing maliciously crafted web content. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity (NVD).

Apple has addressed this vulnerability by implementing improved memory handling in the affected systems. Users are advised to update to the following versions: watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2 (Apple Support).