8.8

CVE-2024-44308

Warning

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Data is provided by the National Vulnerability Database (NVD)
AppleSafari Version < 18.1.1
AppleiPadOS Version < 17.7.2
AppleiPadOS Version >= 18.0 < 18.1.1
AppleiPhone OS Version < 17.7.2
AppleiPhone OS Version >= 18.0 < 18.1.1
ApplemacOS Version < 15.1.1
ApplevisionOS Version < 2.1.1

21.11.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Code Execution Vulnerability

Vulnerability

Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.67% 0.706
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H