CVE-2024-44308

Advisory lineage Upstream: 0 Downstream: 13
Analyzed
Published: 19 Nov 2024, 23:43
Last modified:02 Apr 2026, 18:23

Vulnerability Summary

Overall Risk (default)
medium
36/100
CVSS Score
8.8 HIGH
v3.1 (cve.org)
EPSS Score
1.55% LOW
2% probability -0.31%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 Nov 2024, 23:43
Published
Vulnerability first disclosed
21 Nov 2024, 00:00
Added to CISA KEV
Apple Multiple Products Code Execution Vulnerability
12 Dec 2024, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
02 Apr 2026, 18:23
Last Modified
Vulnerability information updated

Description

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

CVSS Metrics

  • v3.1HIGHScore: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 1.55% Percentile: 81%

Affected Systems

  • appleios and ipados

    ≥ unspecified, < 18.1 | ≥ unspecified, < 17.7 | < 17.7.2 | < 18.1.1

  • appleipados

    < 17.7.2 | ≥ 18.0, < 18.1.1

  • appleiphone_os

    < 17.7.2 | ≥ 18.0, < 18.1.1

  • applemacos

    ≥ unspecified, < 15.1 | < 15.1.1 | ≥ 15.0, < 15.1.1

  • applesafari

    ≥ unspecified, < 18.1 | < 18.1.1

  • applevisionos

    ≥ unspecified, < 2.1 | < 2.1.1

  • debiandebian_linux

    11.0

References (8)