⚠ Actively exploited
Added to CISA KEV on 2024-11-21. Federal agencies required to patch by 2024-12-12. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2024-44308 — Apple IOS AND Ipados vulnerability
16 documents11 sources
Severity
8.8HIGHNVD
EPSS
1.5%
top 18.56%
CISA KEV
KEV
Added 2024-11-21
Due 2024-12-12
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedNov 20
KEV addedNov 21
Latest updateDec 9
KEV dueDec 12
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages9 packages
Also affects: Debian Linux 11.0
🔴Vulnerability Details
5📋Vendor Advisories
9Red Hat▶
webkitgtk: javascriptcore: processing maliciously crafted web content may lead to arbitrary code execution↗2024-11-19