CVE-2024-44309

Confirmed PUBLISHED

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS...

Apple · Safari, iOS and iPadOS, macOS, visionOS
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
6.3 Medium

At a Glance

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

macos ios nessus_scanner cisa
CVE Published
Nov 19, 2024
Exploitation Reported
Nov 21, 2024
CVSS
6.3 Medium
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
apple
safari

0 to < 18.1

Affected
apple
macos

0 to < 15.1

Affected
apple
visionos

0 to < 2.1

Affected
apple
iphone_os

0 to < 17.7

Affected
apple
iphone_os

18.0 to < 18.1

Affected
apple
iphone_os

0 to < 17.7

Affected
apple
iphone_os

18.0 to < 18.1

Affected
apple
ipad_os

0 to < 17.7

Affected
apple
ipad_os

18.0 to < 18.1

Affected
apple
ipad_os

0 to < 17.7

Affected
apple
ipad_os

18.0 to < 18.1

Affected
Apple
Safari

0 to < 18.1.1

Affected
Apple
iOS and iPadOS

0 to < 17.7.2

Affected
Apple
iOS and iPadOS

0 to < 18.1.1

Affected
Apple
macOS

0 to < 15.1.1

Affected
Apple
visionOS

0 to < 2.1.1

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.