A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
History

Fri, 29 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados

Thu, 28 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
cpe:/a:redhat:rhel_aus:8.2
cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat
Redhat enterprise Linux
Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
References

Fri, 22 Nov 2024 14:00:00 +0000

Type Values Removed Values Added
Title webkitgtk: data isolation bypass vulnerability
References
Metrics threat_severity

None

threat_severity

Important


Thu, 21 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-11-21'}


Thu, 21 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple safari
Apple visionos
Weaknesses CWE-79
CPEs cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipad Os
Apple iphone Os
Apple macos
Apple safari
Apple visionos
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 19 Nov 2024 23:45:00 +0000

Type Values Removed Values Added
Description A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-11-19T23:43:55.493Z

Updated: 2024-11-23T04:55:44.505Z

Reserved: 2024-08-20T21:45:40.801Z

Link: CVE-2024-44309

cve-icon Vulnrichment

Updated: 2024-11-20T18:05:00.587Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-20T00:15:17.137

Modified: 2024-11-29T18:28:16.227

Link: CVE-2024-44309

cve-icon Redhat

Severity : Important

Publid Date: 2024-11-20T00:00:00Z

Links: CVE-2024-44309 - Bugzilla