Skip to main content

Multiple vulnerabilities affect macOS Sequoia, iOS, iPadOS, Safari, and visionOS

Threat ID:CC-4579
Threat Severity:Medium
Published:20 November 2024 4:15 PM

Summary

Multiple vulnerabilities affect macOS Sequoia, iOS, iPadOS, Safari, and visionOS

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 18.1.1
Safari
Versions: all prior to 18.1.1, all prior to 17.7.2
iOS
Versions: all prior to 18.1.1, all prior to 17.7.2
iPadOS
Versions: all prior to 15.1.1
macOS Sequoia
Versions: all prior to 2.1.1
visionOS

Threat details

Exploitation

Apple reports that CVE-2024-44308 and CVE-2024-44309 may have been actively exploited on Intel-based mac systems.


Introduction

Apple has released security updates to address two vulnerabilities in multiple Apple products.

The vulnerability CVE-2024-44308 is a weakness in JavaScriptCore when processing of maliciously crafted web content. Successful exploitation by an attacker could cause arbitrary code execution

The second vulnerability CVE-2024-44309 is a vulnerability that impacts cookie management in WebKit that can may lead to a cross-site scripting attack during the processing of maliciously crafted web content.

Remediation advice

Affected organisations are encouraged to review Apple security releases and apply the relevant updates.

Remediation steps

  
Patch

Safari 18.1.1 | 121756


https://support.apple.com/en-us/121756
Patch

visionOS 2.1.1 | 121755


https://support.apple.com/en-us/121755
Patch

iOS 18.1.1 and iPadOS 18.1.1 | 121752


https://support.apple.com/en-us/121752
Patch

iOS 17.7.2 and iPadOS 17.7.2 | 121754


https://support.apple.com/en-us/121754
Patch

macOS Sequoia 15.1.1 | 121753


https://support.apple.com/en-us/121753

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-44308The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
 
StatusPublished
CVE-2024-44309A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Last edited: 20 November 2024 4:15 pm

Back to top