CVE-2024-44206 — Apple IOS AND Ipados vulnerability

9 documents4 sources

Severity

9.3CRITICALNVD

EPSS

0.5%

top 35.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Safari +5 more

Timeline

PublishedOct 24

Description

An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.7

Affected Packages12 packages

▶CVEListV5apple/tvos< 17.6

▶NVDapple/tvos< 17.6

▶CVEListV5apple/macos< 14.6

▶NVDapple/macos< 14.6

▶CVEListV5apple/safari< 17.6

🔴Vulnerability Details

CVEList

CVE-2024-44206: An issue in the handling of URL protocols was addressed with improved logic↗2024-10-24

▶

GHSA

GHSA-74x7-28x6-q6gc: An issue in the handling of URL protocols was addressed with improved logic↗2024-10-24

▶

📋Vendor Advisories

Apple

CVE-2024-44206: visionOS 1.3↗2024-07-29

▶

Apple

CVE-2024-44206: tvOS 17.6↗2024-07-29

▶

Apple

CVE-2024-44206: iOS 17.6 and iPadOS 17.6↗2024-07-29

▶

Apple

CVE-2024-44206: macOS Sonoma 14.6↗2024-07-29

▶

Apple

CVE-2024-44206: Safari 17.6↗2024-07-29

▶