Severity
High
Analysis Summary
CVE-2024-44308 CVSS:8.8
Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JavaScriptCore component. By persuading a victim to open specially crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-44309 CVSS:6.1
Apple Safari is vulnerable to cross-site scripting, caused by a cookie management issue in the WebKit component. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's web browser, within the security context of the hosting website, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Code Execution
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-44308
- CVE-2024-44309
Affected Vendors
Affected Products
- Apple Safari 18.1.0
- Apple visionOS 2.1.0
- Apple macOS Sequoia 15.1.0
- Apple iOS 17.7.1
- Apple iPadOS 17.7.1
- Apple iPadOS 18.1.0
- Apple iOS 18.1.0
Remediation
Refer to the Apple Security Advisory for patch, upgrade, or suggested workaround information.