CVE-2024-44308

Description

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Nov 21, 2024 Remediation due: Dec 12, 2024

Affected Products

Vendor	Product	Versions
debian	debian_linux	All
apple	safari	< 18.1.1
apple	ipados	< 17.7.2
apple	ipados	18.0 — 18.1.1
apple	iphone_os	< 17.7.2
apple	iphone_os	18.0 — 18.1.1
apple	macos	15.0 — 15.1.1
apple	visionos	< 2.1.1

References

Advisories & Patches

https://support.apple.com/en-us/121752 https://support.apple.com/en-us/121753 https://support.apple.com/en-us/121754 https://support.apple.com/en-us/121755 https://support.apple.com/en-us/121756

Other References

http://seclists.org/fulldisclosure/2024/Nov/16 https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308

Frequently Asked Questions

What is CVE-2024-44308? +

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. It has a CVSS v3.1 base score of 8.8 (HIGH). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

How severe is CVE-2024-44308? +

CVE-2024-44308 has a CVSS v3.1 score of 8.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-44308? +

CVE-2024-44308 affects products from apple, debian, specifically: debian_linux, ipados, iphone_os, macos, safari, visionos. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-44308? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-42472 10.0

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak …

CVE-2025-24201 10.0

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, …

CVE-2025-32433 10.0

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH …

CVE-2025-49113 9.9

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in …

CVE-2023-6816 9.8

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button …

CVE-2025-0838 9.8

There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not …