CVE-2024-54534: 
OpenJDK JDK vulnerability analysis and mitigation

CVE-2024-54534 is a memory corruption vulnerability affecting Apple's WebKit browser engine. The vulnerability was discovered by Tashita Software Security and was disclosed on December 11, 2024. The affected systems include watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2, and iPadOS 18.2 (Apple Advisory).

The vulnerability is related to memory handling in WebKit when processing maliciously crafted web content. The issue can lead to memory corruption and was addressed with improved memory handling in WebKit (WebKit Bugzilla: 277967). The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating it can be exploited remotely with no privileges required (NVD).

When exploited, this vulnerability allows processing of maliciously crafted web content that may lead to memory corruption. Given the critical CVSS score and the nature of the vulnerability, successful exploitation could potentially lead to arbitrary code execution, system crashes, or information disclosure (Apple Advisory).

Apple has addressed this vulnerability by implementing improved memory handling in the affected systems. Users are advised to update to the following versions: watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2, and iPadOS 18.2 (Apple Advisory).