PT-2025-3033 · Apple · Visionos+7
Published
2024-12-11
·
Updated
2025-03-19
·
CVE-2024-54499
CVSS v2.0
9.4
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
visionOS versions prior to 2.2
tvOS versions prior to 18.2
watchOS versions prior to 11.2
iOS versions prior to 18.2
iPadOS versions prior to 18.2
macOS Sequoia versions prior to 15.2
Description
A use-after-free issue was addressed with improved memory management. Processing a maliciously crafted image may lead to arbitrary code execution. The issue is related to the ImageIO component and allows a remote attacker to execute arbitrary code by exploiting the use-after-free vulnerability.
Recommendations
For visionOS versions prior to 2.2, update to visionOS 2.2.
For tvOS versions prior to 18.2, update to tvOS 18.2.
For watchOS versions prior to 11.2, update to watchOS 11.2.
For iOS versions prior to 18.2, update to iOS 18.2.
For iPadOS versions prior to 18.2, update to iPadOS 18.2.
For macOS Sequoia versions prior to 15.2, update to macOS Sequoia 15.2.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Imageio
Apple Macos
Ios
Ipados
Macos Sequoia
Tvos
Visionos
Watchos