CVE-2024-54543: 
Apple Safari vulnerability analysis and mitigation

CVE-2024-54543 is a memory corruption vulnerability in WebKit that affects multiple Apple operating systems and Safari browser. The vulnerability was discovered by Lukas Bernhard, Gary Kwong, and an anonymous researcher, and was fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2, released on December 11, 2024 (Apple Support).

The vulnerability exists in WebKit, Apple's browser engine. When processing maliciously crafted web content, it can lead to memory corruption. The issue was addressed with improved memory handling. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

Processing maliciously crafted web content may lead to memory corruption, potentially allowing an attacker to execute arbitrary code. The vulnerability affects multiple Apple platforms including Safari browser and iOS/iPadOS devices (Apple Support, Apple Support).

Apple has addressed this vulnerability by improving memory handling in affected systems. Users should update to visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2, iPadOS 18.2, or macOS Sequoia 15.2 depending on their device (Apple Support).