Apple devices: arbitrary code execution via malicious web content (CVE-2024-44308) #shorts

CVE

This CVE-2024-44308 deals with the potential for arbitrary code execution through malicious web content, specifically targeting Intel-based Mac systems. This zero-day vulnerability affects several Apple products, including Safari, macOS, iOS, iPadOS, and visionOS. Hackers can exploit this issue by crafting web content that, when processed, can execute any code they choose on the vulnerable systems. This vulnerability is concerning as it has been reportedly exploited in the wild, demonstrating its capability to compromise affected devices before any fixes were available.

Watch the full video on YouTube: CVE-2024-44308

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-44308
Description
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Provider
apple
CWE / problem types
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Affected Software Versions
Apple:Safari:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '18.1', 'versionType': 'custom'}],Apple:macOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '15.1', 'versionType': 'custom'}],Apple:iOS and iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '18.1', 'versionType': 'custom'}],Apple:visionOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '2.1', 'versionType': 'custom'}],Apple:iOS and iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '17.7', 'versionType': 'custom'}]
Date Published
2024-11-19T23:43:50.135Z
Last Updated
2024-11-23T04:55:45.840Z