CVE-2024-44309
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
CVSS 3.1: 6.3 MEDIUM
⚠ KEV | EPSS 0.94%
Description
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
How to fix CVE-2024-44309
To remediate CVE-2024-44309, upgrade the affected package to a fixed version listed below.
- —upgrade to 2.46.4-1~deb11u1 or later
- —no fix listed
Is CVE-2024-44309 being exploited?
Yes — CVE-2024-44309 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (2)
- from 0, < 2.46.4-1~deb11u1
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |