A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.
History

Wed, 30 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple watchos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple watchos
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}


Mon, 28 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Description A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-10-28T21:08:25.991Z

Updated: 2024-12-05T20:54:46.829Z

Reserved: 2024-08-20T21:42:05.923Z

Link: CVE-2024-44155

cve-icon Vulnrichment

Updated: 2024-10-30T15:18:43.191Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-28T21:15:05.460

Modified: 2024-10-29T17:34:16.487

Link: CVE-2024-44155

cve-icon Redhat

No data.