CVE-2024-54510: 
macOS vulnerability analysis and mitigation

A race condition vulnerability (CVE-2024-54510) was discovered in Apple's kernel component, affecting multiple Apple operating systems including iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, and macOS Sonoma 14.7.2. The vulnerability was discovered by Joseph Ravichandran of MIT CSAIL and was disclosed on December 11, 2024 (Apple Support).

The vulnerability is classified as a race condition in the kernel that was addressed with improved locking mechanisms. It has been assigned a CVSS v3.1 base score of 5.1 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is categorized under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) (NVD).

The vulnerability allows an application to potentially leak sensitive kernel state information. This could lead to unauthorized access to sensitive system information, potentially compromising system security (Apple Support, Apple Support).

Apple has released security updates to address this vulnerability across multiple operating systems. The fixes are available in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, and macOS Sonoma 14.7.2. Users are advised to update their systems to the latest versions (Apple Support).