VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-926z-etmq-5yhc

Essentials
Severities (102)
References (17)
Severity details (19)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-926z-etmq-5yhc
Aliases	CVE-2024-44308
Summary	The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Status	Published
Exploitability	2.0
Weighted Severity	7.9
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44308.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00089	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00089	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00180	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00334	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.00517	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
epss	0.0549	https://api.first.org/data/v1/epss?cve=CVE-2024-44308
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2024-44308
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2024-44308
cvssv3.1	8.8	https://support.apple.com/en-us/121752
ssvc	Attend	https://support.apple.com/en-us/121752
ssvc	Track	https://support.apple.com/en-us/121752
cvssv3.1	8.8	https://support.apple.com/en-us/121753
ssvc	Attend	https://support.apple.com/en-us/121753
ssvc	Track	https://support.apple.com/en-us/121753
cvssv3.1	8.8	https://support.apple.com/en-us/121754
ssvc	Attend	https://support.apple.com/en-us/121754
ssvc	Track	https://support.apple.com/en-us/121754
cvssv3.1	8.8	https://support.apple.com/en-us/121755
ssvc	Attend	https://support.apple.com/en-us/121755
ssvc	Track	https://support.apple.com/en-us/121755
cvssv3.1	8.8	https://support.apple.com/en-us/121756
ssvc	Attend	https://support.apple.com/en-us/121756
ssvc	Track	https://support.apple.com/en-us/121756

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44308.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-44308
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44308
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
121752		https://support.apple.com/en-us/121752
121753		https://support.apple.com/en-us/121753
121754		https://support.apple.com/en-us/121754
121755		https://support.apple.com/en-us/121755
121756		https://support.apple.com/en-us/121756
2327931		https://bugzilla.redhat.com/show_bug.cgi?id=2327931
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
CVE-2024-44308		https://nvd.nist.gov/vuln/detail/CVE-2024-44308
USN-7142-1		https://usn.ubuntu.com/7142-1/

Data source	KEV
Date added	Nov. 21, 2024
Description	Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
Required action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date	Dec. 12, 2024
Note	https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44308
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44308.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-44308

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-44308

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/121752

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-11-21T15:36:07Z/ Found at https://support.apple.com/en-us/121752

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T15:31:27Z/ Found at https://support.apple.com/en-us/121752

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/121753

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-11-21T15:36:07Z/ Found at https://support.apple.com/en-us/121753

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T15:31:27Z/ Found at https://support.apple.com/en-us/121753

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/121754

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-11-21T15:36:07Z/ Found at https://support.apple.com/en-us/121754

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T15:31:27Z/ Found at https://support.apple.com/en-us/121754

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/121755

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-11-21T15:36:07Z/ Found at https://support.apple.com/en-us/121755

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T15:31:27Z/ Found at https://support.apple.com/en-us/121755

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/121756

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-11-21T15:36:07Z/ Found at https://support.apple.com/en-us/121756

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T15:31:27Z/ Found at https://support.apple.com/en-us/121756

Exploit Prediction Scoring System (EPSS)

Percentile	0.17041
EPSS Score	0.00045
Published At	Nov. 20, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-11-21T12:21:45.023630+00:00	EPSS Importer	Import	https://epss.cyentia.com/epss_scores-current.csv.gz	35.0.0