CVE-2024-44259

EUVD-2024-40979
This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
applesafari
𝑥
< 18.1
appleipados
𝑥
< 17.7.1
appleipados
18.0 ≤
𝑥
< 18.1
appleiphone_os
𝑥
< 17.7.1
appleiphone_os
18.0 ≤
𝑥
< 18.1
applemacos
15.0 ≤
𝑥
< 15.1
applevisionos
𝑥
< 2.1
𝑥
= Vulnerable software versions
References
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121564
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121567
https://support.apple.com/en-us/121571
http://seclists.org/fulldisclosure/2024/Oct/10
http://seclists.org/fulldisclosure/2024/Oct/11
http://seclists.org/fulldisclosure/2024/Oct/19
http://seclists.org/fulldisclosure/2024/Oct/9