CVE-2024-44296

Published Oct 28, 2024

Last updated 3 days ago

CVSS medium 5.4

Overview

Description: The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.5
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Two vulnerabilities now patched of Safari and WebKit iOS 18.1 📌 CVE-2024-44259: Trust relationship misuse to download malicious content. 📌 CVE-2024-44296: Bypass of Content Security Policy (CSP) enforcement via malicious web content. Thanks to @Apple Security for their swift
@imnarendrabhati
29 Oct 2024
354 Impressions
0 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65D91653-5027-489A-B579-AA18414C3747",
            "versionEndExcluding": "18.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F42291CA-6AC4-4F11-AC23-B3FE25139483",
            "versionEndExcluding": "17.7.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012",
            "versionEndExcluding": "18.1",
            "versionStartIncluding": "18.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "468FFF6F-879C-4AF4-BC42-6A1AA30441C3",
            "versionEndExcluding": "17.7.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5",
            "versionEndExcluding": "18.1",
            "versionStartIncluding": "18.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D298E1D-DD23-4D35-9DE4-E3F5999F97AA",
            "versionEndExcluding": "15.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D57FCAE-9B33-4532-BC69-BC3D35719EDB",
            "versionEndExcluding": "18.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80",
            "versionEndExcluding": "2.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1",
            "versionEndExcluding": "11.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References