CVE-2024-44309

moderate-risk

Published 2024-11-20

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Do I need to act?

1.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

NETWORK / LOW complexity

Affected Products (6)

Debian Linux

Safari

Ipados

Iphone Os

Macos

Visionos

Affected Vendors

Debian Apple

References (8)

Vendor Advisory https://support.apple.com/en-us/121752

Vendor Advisory https://support.apple.com/en-us/121753

Vendor Advisory https://support.apple.com/en-us/121754

Vendor Advisory https://support.apple.com/en-us/121755

Vendor Advisory https://support.apple.com/en-us/121756

Mailing List http://seclists.org/fulldisclosure/2024/Nov/16

Mailing List https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-...

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 11/34 · Low

Exposure 13/34 · Low