Vulnerability Description
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | < 17.6 |
| Apple | Ipados | < 17.6 |
| Apple | Iphone Os | < 17.6 |
| Apple | Macos | < 14.6 |
| Apple | Tvos | < 17.6 |
| Apple | Visionos | < 1.3 |
References
- https://support.apple.com/en-us/120909Release NotesVendor Advisory
- https://support.apple.com/en-us/120911Release NotesVendor Advisory
- https://support.apple.com/en-us/120913Release NotesVendor Advisory
- https://support.apple.com/en-us/120914Release NotesVendor Advisory
- https://support.apple.com/en-us/120915Release NotesVendor Advisory
- https://support.apple.com/en-us/120916Release NotesVendor Advisory
- http://seclists.org/fulldisclosure/2024/Nov/6
FAQ
What is CVE-2024-44206?
CVE-2024-44206 is a vulnerability with a CVSS score of 9.3 (CRITICAL). An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A u...
How severe is CVE-2024-44206?
CVE-2024-44206 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-44206?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos.