Vulnerability Description
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 11.0 |
| Apple | Safari | < 18.1.1 |
| Apple | Ipados | < 17.7.2 |
| Apple | Iphone Os | < 17.7.2 |
| Apple | Macos | >= 15.0, < 15.1.1 |
| Apple | Visionos | < 2.1.1 |
Related Weaknesses (CWE)
References
- https://support.apple.com/en-us/121752Vendor Advisory
- https://support.apple.com/en-us/121753Vendor Advisory
- https://support.apple.com/en-us/121754Vendor Advisory
- https://support.apple.com/en-us/121755Vendor Advisory
- https://support.apple.com/en-us/121756Vendor Advisory
- http://seclists.org/fulldisclosure/2024/Nov/16Mailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/12/msg00003.htmlMailing List
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-US Government Resource
FAQ
What is CVE-2024-44309?
CVE-2024-44309 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS...
How severe is CVE-2024-44309?
CVE-2024-44309 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-44309?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos.