Apple products: Critical cross-site scripting vulnerability (CVE-2024-44309) #shorts #breaking

CVE

This CVE refers to a critical cross-site scripting vulnerability recently identified in certain Apple products, including Safari and operating systems like macOS, iOS, iPadOS, and visionOS, primarily affecting Intel-based systems. The flaw stems from an issue with cookie management that could allow attackers to manipulate web content surreptitiously, potentially leading to harmful cross-site scripting events. Reports suggest this vulnerability has been actively exploited, highlighting its significant threat potential to users relying on these platforms.

Watch the full video on YouTube: CVE-2024-44309

Remediation and exploitation details

This chain involves the following actors

This following systems are involved

Attack entry point

Remediation actions

Exploitation actions

Related Content

NOTE: The following related content has not been vetted and may be unsafe.

CVE database technical details

CVE ID
CVE-2024-44309
Description
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Provider
apple
CWE / problem types
Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Affected Software Versions
Apple:Safari:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '18.1', 'versionType': 'custom'}],Apple:macOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '15.1', 'versionType': 'custom'}],Apple:iOS and iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '18.1', 'versionType': 'custom'}],Apple:visionOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '2.1', 'versionType': 'custom'}],Apple:iOS and iPadOS:[{'version': 'unspecified', 'status': 'affected', 'lessThan': '17.7', 'versionType': 'custom'}]
Date Published
2024-11-19T23:43:55.493Z
Last Updated
2024-11-23T04:55:44.505Z