A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Metrics
Affected Vendors & Products
References
History
Fri, 29 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apple ipados
|
|
CPEs | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Apple ipados
|
Thu, 28 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus |
|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus |
|
References |
|
Fri, 22 Nov 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | webkitgtk: data isolation bypass vulnerability | |
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 21 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Thu, 21 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apple
Apple ipad Os Apple iphone Os Apple macos Apple safari Apple visionos |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:* cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Apple
Apple ipad Os Apple iphone Os Apple macos Apple safari Apple visionos |
|
Metrics |
cvssV3_1
|
Tue, 19 Nov 2024 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2024-11-19T23:43:55.493Z
Updated: 2024-11-23T04:55:44.505Z
Reserved: 2024-08-20T21:45:40.801Z
Link: CVE-2024-44309
Vulnrichment
Updated: 2024-11-20T18:05:00.587Z
NVD
Status : Analyzed
Published: 2024-11-20T00:15:17.137
Modified: 2024-11-29T18:28:16.227
Link: CVE-2024-44309
Redhat