Apple devices: arbitrary code execution via malicious web content (CVE-2024-44308)
CVE-2024-44308 concerns arbitrary code execution through malicious web content, specifically targeting Intel-based Mac systems. This zero-day vulnerability affects several Apple products, including Safari, macOS, iOS, iPadOS, and visionOS. An attacker can exploit it by crafting web content that, when processed, executes code of the attacker's choosing on a vulnerable system. The vulnerability is concerning because it has reportedly been exploited in the wild, demonstrating that it could compromise affected devices before any fixes were available.
CVE database technical details
Description
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CWE / problem types
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Affected Software Versions
Apple Safari: affected, versions less than 18.1 (version: unspecified, version type: custom)
Apple macOS: affected, versions less than 15.1 (version: unspecified, version type: custom)
Apple iOS and iPadOS: affected, versions less than 18.1 (version: unspecified, version type: custom)
Apple visionOS: affected, versions less than 2.1 (version: unspecified, version type: custom)
Apple iOS and iPadOS: affected, versions less than 17.7 (version: unspecified, version type: custom)
Date Published
2024-11-19T23:43:50.135Z
Last Updated
2024-11-23T04:55:45.840Z