The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
History

Wed, 27 Nov 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados

Fri, 22 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-11-21'}


Fri, 22 Nov 2024 14:00:00 +0000

Type Values Removed Values Added
Title webkitgtk: javascriptcore: processing maliciously crafted web content may lead to arbitrary code execution
References
Metrics threat_severity

None

threat_severity

Important


Thu, 21 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-11-21'}


Thu, 21 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-11-21'}


Thu, 21 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple safari
Apple visionos
CPEs cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple safari
Apple visionos
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 19 Nov 2024 23:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-11-19T23:43:50.135Z

Updated: 2024-11-23T04:55:45.840Z

Reserved: 2024-08-20T21:45:40.801Z

Link: CVE-2024-44308

cve-icon Vulnrichment

Updated: 2024-11-20T15:28:49.745Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-20T00:15:17.080

Modified: 2024-11-27T19:35:10.147

Link: CVE-2024-44308

cve-icon Redhat

Severity : Important

Publid Date: 2024-11-19T00:00:00Z

Links: CVE-2024-44308 - Bugzilla