CVE-2024-44155Apple IOS AND Ipados vulnerability

8 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple IOS AND IpadosApple MacosApple Safari+3 more
Timeline
PublishedOct 28

Description

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

NVDapple/ipados< 17.7.1
CVEListV5apple/ios_and_ipados< 17.7.1+1
CVEListV5apple/macos< 15
NVDapple/macos< 15.0
CVEListV5apple/safari< 18

🔴Vulnerability Details

2
GHSA
GHSA-v69q-9h68-p7hx: A custom URL scheme handling issue was addressed with improved input validation2024-10-28
CVEList
CVE-2024-44155: A custom URL scheme handling issue was addressed with improved input validation2024-10-28

📋Vendor Advisories

5
Apple
CVE-2024-44155: iOS 17.7.1 and iPadOS 17.7.12024-10-28
Apple
CVE-2024-44155: macOS Sequoia 152024-09-16
Apple
CVE-2024-44155: Safari 182024-09-16
Apple
CVE-2024-44155: iOS 18 and iPadOS 182024-09-16
Apple
CVE-2024-44155: watchOS112024-09-16
CVE-2024-44155 — Apple IOS AND Ipados vulnerability | cvebase