CVE-2024-44309
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- August 20, 2024
- Published Date
- November 19, 2024
- Last Updated
- November 23, 2024
- Vendor
- Apple
- Product
- Safari, macOS, iOS and iPadOS, visionOS
- Description
- A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVSS Scores
SSVC Information
- Exploitation
- active
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (added 2024-11-21 00:00:00 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2024-11-21 00:00:00 UTC |