CVE-2024-44308

high-risk

Published 2024-11-20

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Do I need to act?

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (6)

Debian Linux

Safari

Ipados

Iphone Os

Macos

Visionos

Affected Vendors

Debian Apple

References (8)

Vendor Advisory https://support.apple.com/en-us/121752

Vendor Advisory https://support.apple.com/en-us/121753

Vendor Advisory https://support.apple.com/en-us/121754

Vendor Advisory https://support.apple.com/en-us/121755

Vendor Advisory https://support.apple.com/en-us/121756

Mailing List http://seclists.org/fulldisclosure/2024/Nov/16

Mailing List https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 11/34 · Low

Exposure 13/34 · Low