CVE-2024-54505: 
Apple Safari vulnerability analysis and mitigation

A type confusion vulnerability (CVE-2024-54505) was discovered in WebKit, affecting multiple Apple operating systems including iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. The vulnerability was disclosed on December 11, 2024, and was discovered by Gary Kwong (Apple Advisory).

The vulnerability is a type confusion issue in WebKit's memory handling system. When processing maliciously crafted web content, the vulnerability could lead to memory corruption. The issue was addressed with improved memory handling and is tracked in WebKit Bugzilla under ID 282661. The vulnerability has received a CVSS 3.1 base score of 8.8 HIGH with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow an attacker to cause memory corruption through maliciously crafted web content. The high severity score indicates potential impacts on confidentiality, integrity, and availability of the affected systems (Apple Advisory).

Apple has released security updates to address this vulnerability across multiple platforms. Users should update to iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 or iPadOS 18.2 as appropriate for their devices (Apple Advisory).