Rewterz

Multiple Apple Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-54538 CVSS:7.5

Apple visionOS, iOS, iPadOS, tvOS, macOS Sonoma, watchOS and macOS Ventura are vulnerable to a denial of service, caused by an issue in the Security component. A remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2024-54515 CVSS:7.8

Apple macOS Sequoia could allow a local attacker to gain elevated privileges on the system, caused by a logic issue in the SharedFileList component. By using a specially crafted application, an attacker could exploit this vulnerability to gain root privileges.

CVE-2024-54506 CVSS:7.8

Apple macOS Sequoia could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds access issue in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code in the DCP firmware or cause a denial of service.

CVE-2025-24150 CVSS:8.8

Apple Safari could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection in the WebKit component when copying a URL from Web Inspector.

Impact

  • Code Execution
  • Privilege Escalation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-54538

  • CVE-2024-54515

  • CVE-2024-54506

  • CVE-2025-24150

Affected Vendors

  • Apple

Affected Products

  • Apple macOS Sonoma 14.7.0
  • Apple visionOS 2.0
  • Apple iOS 17.7.0
  • Apple tvOS 18.0
  • Apple macOS Sequoia 15.1
  • Apple Safari 18.2

Remediation

Refer to the Apple security documents for patch, upgrade, or suggested workaround information.

CVE-2024-54538

CVE-2024-54515

CVE-2024-54506

CVE-2025-24150