macOS Kernel Vulnerability CVE-2024-54507: A Ghostly sysctl Overread
2025-01-23

A security researcher uncovered a fascinating vulnerability (CVE-2024-54507) in the XNU kernel of macOS 15.0. The bug resides in the `sysctl_udp_log_port` function, where an integer type confusion causes a 4-byte read of a `uint16_t` variable instead of the expected 2-byte read, resulting in a 2-byte out-of-bounds read. An attacker could exploit this to read parts of kernel memory; what those bytes contain depends on linker behavior and system configuration, but the read could still leak sensitive data. Apple patched this vulnerability in macOS 15.2 and iOS 18.2.
(jprx.io)
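
The width mismatch described above, modeled in user space as an added example. This is not XNU code or the researcher's code; `fake_segment`, `neighbor`, the helper names and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a data segment: a 2-byte setting followed by
 * whatever the linker happened to place directly after it. */
struct fake_segment {
    uint16_t log_port;   /* the value the handler is meant to expose */
    uint16_t neighbor;   /* unrelated adjacent data */
};
_Static_assert(sizeof(struct fake_segment) == sizeof(uint32_t), "no padding");

/* Constructed sample contents. */
static const struct fake_segment sample = { 8080, 0xBEEF };

/* Mismatched pattern: the reader treats the setting as a 4-byte integer and
 * copies sizeof(uint32_t) bytes starting at its address. */
static uint32_t read_as_int(const struct fake_segment *seg)
{
    uint32_t out = 0;
    memcpy(&out, (const unsigned char *)seg, sizeof(out));
    return out;
}

/* Corrected pattern: load at the declared 2-byte width, then widen. */
static uint32_t read_as_u16(const struct fake_segment *seg)
{
    return (uint32_t)seg->log_port;
}

/* The two bytes of a returned value that lie past the 2-byte setting,
 * taken in memory order so the result is endian-independent. */
static uint16_t bytes_past_setting(uint32_t returned)
{
    uint16_t tail = 0;
    memcpy(&tail, (const unsigned char *)&returned + sizeof(uint16_t), sizeof(tail));
    return tail;
}

int main(void)
{
    uint32_t wide = read_as_int(&sample);
    printf("4-byte read: 0x%08x (bytes past setting: 0x%04x)\n",
           (unsigned)wide, (unsigned)bytes_past_setting(wide));
    printf("2-byte read: 0x%08x\n", (unsigned)read_as_u16(&sample));
    return 0;
}
```

When reviewing handlers of this kind, compare the declared width of the backing variable with the width the generic accessor copies; any accessor wider than the variable returns bytes that belong to its neighbor.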