CVE-2024-44259

EUVD-2024-40979
This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. An attacker may be able to misuse a trust relationship to download malicious content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
applesafari
𝑥
< 18.1
appleipados
𝑥
< 17.7.1
appleipados
18.0 ≤
𝑥
< 18.1
appleiphone_os
𝑥
< 17.7.1
appleiphone_os
18.0 ≤
𝑥
< 18.1
applemacos
15.0 ≤
𝑥
< 15.1
applevisionos
𝑥
< 2.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
applevisionos
𝑥
< 2.1
ADP
appleios
𝑥
< 17.7
ADP
appleios
𝑥
< 18.1
ADP
appleipados
𝑥
< 17.7
ADP
appleipados
𝑥
< 18.1
ADP
References
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121564
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121567
https://support.apple.com/en-us/121571
http://seclists.org/fulldisclosure/2024/Oct/10
http://seclists.org/fulldisclosure/2024/Oct/11
http://seclists.org/fulldisclosure/2024/Oct/19
http://seclists.org/fulldisclosure/2024/Oct/9