CVE-2024-44308

KEV

🔴 Łataj teraz

Wykonanie złośliwego kodu w Safari może prowadzić do zdalnego uruchomienia kodu.

CVSS

8.8

EPSS

1.6%

Exploit

weaponized

Vendor

apple

Opis źródłowy (NVD)

The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

rce Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	8.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	1.6%
Opublikowano (NVD)	2024-11-20 00:15:17 UTC
Ostatnia modyfikacja (NVD)	2026-04-03 11:43:36 UTC

Referencje

https://support.apple.com/en-us/121752 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121753 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121754 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121755 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121756 (product-security@apple.com) [Vendor Advisory]
http://seclists.org/fulldisclosure/2024/Nov/16 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List, Third Party Advisory]
https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]