CVE-2024-44309

KEV

🔴 Łataj teraz

Luka w zarządzaniu ciasteczkami w Safari umożliwia atak typu cross-site scripting.

CVSS

6.3

EPSS

1.3%

Exploit

weaponized

Vendor

apple

Opis źródłowy (NVD)

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

xss Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	6.3
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	1.3%
Opublikowano (NVD)	2024-11-20 00:15:17 UTC
Ostatnia modyfikacja (NVD)	2026-04-03 11:43:50 UTC

Referencje

https://support.apple.com/en-us/121752 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121753 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121754 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121755 (product-security@apple.com) [Vendor Advisory]
https://support.apple.com/en-us/121756 (product-security@apple.com) [Vendor Advisory]
http://seclists.org/fulldisclosure/2024/Nov/16 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List, Third Party Advisory]
https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html (af854a3a-2127-422b-91ae-364da2661108) [Mailing List]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44309 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]