Overview
- Description
- This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.
- Source
- product-security@apple.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Two vulnerabilities now patched of Safari and WebKit iOS 18.1 📌 CVE-2024-44259: Trust relationship misuse to download malicious content. 📌 CVE-2024-44296: Bypass of Content Security Policy (CSP) enforcement via malicious web content. Thanks to @Apple Security for their swift
@imnarendrabhati
29 Oct 2024
354 Impressions
0 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-44259 This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker m… https://t.co/18UsjBjoz2
@CVEnew
28 Oct 2024
748 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes