CVE-2024-44308

high

Description

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

References

Exploits
More

https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html

https://securityaffairs.com/171202/uncategorized/apple-fixed-2-actively-exploited-zero-day-bugs.html

https://www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/

https://support.apple.com/en-us/121753

https://support.apple.com/en-us/121756

https://support.apple.com/en-us/121755

https://support.apple.com/en-us/121754

https://support.apple.com/en-us/121752

Details

Source: Mitre, NVD

Published: 2024-11-20

Updated: 2024-11-27

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00517