CVE-2024-44308

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121752	Vendor Advisory
https://support.apple.com/en-us/121753	Vendor Advisory
https://support.apple.com/en-us/121754	Vendor Advisory
https://support.apple.com/en-us/121755	Vendor Advisory
https://support.apple.com/en-us/121756	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Nov/16	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html	Mailing List
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::

History

04 Nov 2025, 15:22

Type	Values Removed	Values Added
First Time		Debian debian Linux Debian
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::*
References		() http://seclists.org/fulldisclosure/2024/Nov/16 - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html - Mailing List

Information

Published : 2024-11-20 00:15

Updated : 2025-11-04 15:22

NVD link : CVE-2024-44308

Mitre link : CVE-2024-44308

CVE.ORG link : CVE-2024-44308

JSON object : View

Products Affected

debian

debian_linux

apple

visionos
ipados
iphone_os
safari
macos

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-44308", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-20T00:15:17.080", "references": [{"url": "https://support.apple.com/en-us/121752", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121753", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121754", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121755", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/121756", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2024/Nov/16", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems."}, {"lang": "es", "value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en Safari 18.1.1, iOS 17.7.2 y iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 y iPadOS 18.1.1, visionOS 2.1.1. El procesamiento de contenido web manipulados con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haberse explotado activamente en sistemas Mac basados en Intel."}], "lastModified": "2025-11-04T15:22:03.710", "cisaActionDue": "2024-12-12", "cisaExploitAdd": "2024-11-21", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF8CCEA-CE0F-46DF-9A7A-83A55DE97BCE", "versionEndExcluding": "18.1.1"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAEA98FE-8942-4B9B-B25E-AF99B5A650C3", "versionEndExcluding": "17.7.2"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CE6128B-DBDB-4811-971D-1069382437D4", "versionEndExcluding": "18.1.1", "versionStartIncluding": "18.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4F19E10-37EA-44E1-A425-F879C39DF7A8", "versionEndExcluding": "17.7.2"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "786A3E4B-531F-463E-BC62-F264E562C71F", "versionEndExcluding": "18.1.1", "versionStartIncluding": "18.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BF9E536-D3D2-474F-B4F4-564A20DDC1E6", "versionEndExcluding": "15.1.1"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "642BDC87-257B-4B0E-88D4-DDFC26F0723F", "versionEndExcluding": "2.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apple Multiple Products Code Execution Vulnerability"}