CVE-2024-54529

Published Dec 12, 2024

Last updated 5 months ago

CVSS high 7.8
macOS
Mobile device

Overview

Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.
Source
product-security@apple.com
NVD status
Modified
Products
macos

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-94

Social media

Hype score
Not currently trending

  1. 🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 Intel Report: https://t.co/0ycUz8OANX

    @cyberbivash

    22 Mar 2026

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-54529 was patched. To celebrate, I'm open-sourcing my full PoC exploit for this CoreAudio type confusion vulnerability 🔊 The code is right here! Enjoy: https://t.co/XvWXwXmPg6 https://t.co/aD9NjL70wJ

    @hermes_tool1

    2 Feb 2026

    3954 Impressions

    4 Retweets

    36 Likes

    30 Bookmarks

    2 Replies

    0 Quotes

  3. It's been just over a year since CVE-2024-54529 was patched. To celebrate, I'm open-sourcing my full PoC exploit for this CoreAudio type confusion vulnerability 🔊 The code is right here! Enjoy: https://t.co/GRvILp6C84 https://t.co/1tu0qyHsQg

    @dillon_franke

    30 Jan 2026

    22068 Impressions

    41 Retweets

    222 Likes

    120 Bookmarks

    4 Replies

    1 Quote

  4. Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 https://t.co/Sozi4r5TcL

    @ProjectZeroBugs

    30 Jan 2026

    3471 Impressions

    13 Retweets

    50 Likes

    20 Bookmarks

    1 Reply

    0 Quotes

  5. CVE-2024-54529 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute … https://t.co/zlYhQ0Qnxw

    @CVEnew

    12 Dec 2024

    234 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-54529 Kernel Privilege Logic Flaw in macOS Sequoia, Ventura, and Sonoma... https://t.co/Vqdc4wHjiJ Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    12 Dec 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.CVE-2026-20643
  2. Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588CVE-2026-21386
  3. Qualcomm Multiple Chipsets Memory Corruption VulnerabilityCVE-2026-21385
  4. Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.CVE-2026-2786
  5. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.CVE-2026-25983

References

Sources include official advisories and independent security research.