Apple Safari Web Content Arbitrary Code Execution Vulnerability
CVE-2024-44308 Published on November 20, 2024
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Known Exploited Vulnerability
This Apple Multiple Products Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
The following remediation steps are recommended / required by December 12, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-44308 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2024-44308
You can be notified by stack.watch whenever vulnerabilities like CVE-2024-44308 are published in these products:
What versions are vulnerable to CVE-2024-44308?
- Apple visionOS Fixed in Version 2.1.1
- Apple Iphone Os Version 18.0 Fixed in Version 18.1.1
- Apple Safari Fixed in Version 18.1.1
- Apple Iphone Os Fixed in Version 17.7.2
- Apple macOS Fixed in Version 15.1.1
- Apple iPadOS Version 18.0 Fixed in Version 18.1.1
- Apple iPadOS Fixed in Version 17.7.2