A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.
Metrics
Affected Vendors & Products
References
History
Wed, 30 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 29 Oct 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apple
Apple ipados Apple iphone Os Apple macos Apple safari Apple watchos |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Apple
Apple ipados Apple iphone Os Apple macos Apple safari Apple watchos |
|
Metrics |
cvssV3_1
|
Mon, 28 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2024-10-28T21:08:25.991Z
Updated: 2024-12-05T20:54:46.829Z
Reserved: 2024-08-20T21:42:05.923Z
Link: CVE-2024-44155
Vulnrichment
Updated: 2024-10-30T15:18:43.191Z
NVD
Status : Analyzed
Published: 2024-10-28T21:15:05.460
Modified: 2024-10-29T17:34:16.487
Link: CVE-2024-44155
Redhat
No data.