CVE-2024-44308

HIGH KEV

Debian Linux < 18.1.1 - Denial of Service

Title source: rule

Description

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Exploits (1)

nomisec WORKING POC

by migopp · client-side

https://github.com/migopp/cve-2024-44308

View Code ZIP pw:eip

References (8)

[Vendor Advisory] https://support.apple.com/en-us/121752

[Vendor Advisory] https://support.apple.com/en-us/121753

[Vendor Advisory] https://support.apple.com/en-us/121754

[Vendor Advisory] https://support.apple.com/en-us/121755

[Vendor Advisory] https://support.apple.com/en-us/121756

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2024/Nov/16

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308

Scores

CVSS v3 8.8

EPSS 0.0157

EPSS Percentile 81.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-11-21

VulnCheck KEV 2024-11-19

InTheWild.io 2024-11-19

ENISA EUVD EUVD-2024-41207

Status published

Products (11)

Apple/iOS and iPadOS < 17.7.2

Apple/iOS and iPadOS < 18.1.1

apple/ipados < 17.7.2

apple/iphone_os < 17.7.2

apple/macos < 15.1.1

Apple/macOS < 15.1.1

apple/safari < 18.1.1

Apple/Safari < 18.1.1

apple/visionos < 2.1.1

Apple/visionOS < 2.1.1

... and 1 more

Published Nov 20, 2024

KEV Added Nov 21, 2024

Tracked Since Feb 18, 2026