November 22, 2024
Severity
High
Analysis Summary
CVE-2024-44308 CVSS:8.8
Apple Safari could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JavaScriptCore component. By persuading a victim to open specially crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-44309 CVSS:6.1
Apple Safari is vulnerable to cross-site scripting, caused by a cookie management issue in the WebKit component. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Code Execution
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-44308
- CVE-2024-44309
Affected Vendors
- Apple
Affected Products
- Apple Safari 18.1.0
- Apple visionOS 2.1.0
- Apple macOS Sequoia 15.1.0
- Apple iOS 17.7.1
- Apple iPadOS 17.7.1
- Apple iPadOS 18.1.0
- Apple iOS 18.1.0
Remediation
Refer to Apple Security Advisory for patch, upgrade or suggested workaround information.