8.8

CVE-2024-44308

Warnung

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 18.1.1
AppleiPadOS Version < 17.7.2
AppleiPadOS Version >= 18.0 < 18.1.1
AppleiPhone OS Version < 17.7.2
AppleiPhone OS Version >= 18.0 < 18.1.1
ApplemacOS Version < 15.1.1
ApplevisionOS Version < 2.1.1

21.11.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Code Execution Vulnerability

Schwachstelle

Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.706
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H