CVE-2024-44308
In short
A flaw in Safari and Apple devices allows attackers to run malicious code on your computer or phone by tricking you into viewing specially crafted web content. This is serious because it can give attackers complete control of your device.
Technical detail
A memory corruption or type confusion vulnerability in Safari's web content processing engine allows remote code execution when a user visits a malicious website. The attack requires user interaction (visiting a crafted webpage) and has been observed in active exploitation on Intel-based macOS systems.
Summary generated and translated by AI from the official description.
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Public PoCs found: 1
GitHub: github.com/migopp/cve-2024-44308 (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://seclists.org/fulldisclosure/2024/Nov/16
https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html
https://support.apple.com/en-us/121752
https://support.apple.com/en-us/121753
https://support.apple.com/en-us/121754
https://support.apple.com/en-us/121755
https://support.apple.com/en-us/121756
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308