CVE-2024-44309
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
| Vendor | apple |
| Product | safari |
| Ecosystems | |
| Industries | Technology |
| Published | Nov 19, 2024 |
| Last Updated | Apr 2, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for apple safari
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-44309.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Apple / Safari
0 < 18.1.1
Apple / iOS and iPadOS
0 < 17.7.2 0 < 18.1.1
Apple / macOS
0 < 15.1.1
Apple / visionOS
0 < 2.1.1
References
support.apple.com: https://support.apple.com/en-us/121752 support.apple.com: https://support.apple.com/en-us/121753 support.apple.com: https://support.apple.com/en-us/121754 support.apple.com: https://support.apple.com/en-us/121755 support.apple.com: https://support.apple.com/en-us/121756 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44309 lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html seclists.org: http://seclists.org/fulldisclosure/2024/Nov/16