- Description: The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
- Source: product-security@apple.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Apple Multiple Products Code Execution Vulnerability
- Exploit added on: Nov 21, 2024
- Exploit action due: Dec 12, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
New post from https://t.co/uXvPWJy6tj (CVE-2024-44308 | Apple visionOS on Intel Web Content Remote Code Execution (Nessus ID 211691)) has been published on https://t.co/ZSQGRNv9lU
@WolfgangSesin
24 Feb 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 #Apple Multiple Products Code Execution Vulnerability #CVE-2024-44308 https://t.co/PX6MCxfpK5
@dailycve
30 Dec 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you liked my latest browser exploitation workshop, check out this writeup by XiaozaYa: https://t.co/L02N2nINvb (in Chinese). I just stumbled on it in relation to CVE-2024-44308, it covers a different bug in WebKit JavaScriptCore, the author's process of reverse engineering a…
@alisaesage
20 Dec 2024
5886 Impressions
18 Retweets
88 Likes
48 Bookmarks
0 Replies
0 Quotes
I am looking at latest 0-Day exploit attack on Safari (11.2024): CVE-2024-44308: JavaScriptCore DFG compiler logic issue to RCE - nothing new here CVE-2024-44309: WebKit Data Isolation bypass The thing is, there is no sandbox escapes in disclosure. Cve 44309 is a limited CSP… h
@alisaesage
18 Dec 2024
15320 Impressions
39 Retweets
196 Likes
76 Bookmarks
5 Replies
1 Quote
A vulnerability with the identifier CVE-2024-44308 was recently published for Apple's Safari browser. This vulnerability exists in the browser's WebKit DFG JIT compiler. It is an RCE vulnerability, and versions 17.7.1 and 18.1 of the iOS operating system are affected. https://t
@cybernetic_cy
15 Dec 2024
51 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
A vulnerability with the identifier CVE-2024-44308 has been published for Apple's Safari browser. This vulnerability exists in the browser's WebKit DFG JIT compiler and is of the RCE type, and versions 17.7.1 and 18.1 of the iOS operating system are affected. https://t.co/Poz3aKY03t https://t.
@AmirHossein_sec
13 Dec 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
itw Apple Safari CVE-2024-44308 via SpeculativeJIT https://t.co/jAz6yYyY14
@8bitchip_
5 Dec 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-49039: Windows Task Scheduler EoP https://t.co/EGadnpuUwM 2. CVE-2024-44308: Apple Safari JavaScriptCore RCE https://t.co/ixNxb7ZROn 3. CVE-2024-8672: Authenticated Contributor RCE in Widget Options Plugin https://t.co/4Z7DoclzIe
@akaclandestine
5 Dec 2024
1171 Impressions
6 Retweets
13 Likes
11 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-49039: Windows Task Scheduler EoP https://t.co/bnmDNN2g0C 2. CVE-2024-44308: Apple Safari JavaScriptCore RCE https://t.co/Dtori8bcJ7 3. CVE-2024-8672: Authenticated Contributor RCE in Widget Options Plugin https://t.co/DHCWp89DtD
@ksg93rd
4 Dec 2024
1333 Impressions
10 Retweets
29 Likes
17 Bookmarks
0 Replies
0 Quotes
[In-The-Wild] CVE-2024-44308 : Apple Safari JavaScriptCore Remote Code Execution Vulnerability · Threat Intelligence https://t.co/ixNxb80pDV
@akaclandestine
3 Dec 2024
674 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-21287 is getting exploited #inthewild. Find out more at https://t.co/zxkLY8Soqk CVE-2024-44309 is getting exploited #inthewild. Find out more at https://t.co/C8QQNSrrFU CVE-2024-44308 is getting exploited #inthewild. Find out more at https://t.co/JGYVH1sML9
@inthewildio
3 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
iOS 17.0 - 18.1 Jailbreak Status Update New Safari JavaScript Core vulnerability (CVE-2024-44308) by Tomi Tokics is now open-source! https://t.co/h2RaUhyAzP Patched in iOS 17.7.2 & 18.1.1. Might help No-PC jailbreaks with more exploits. Stay tuned! #iOS18 #jailbreak #iP
@iExmo_Jailbreak
2 Dec 2024
241 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Safari Vulnerability Actively Exploited Apple has identified a severe remote code execution vulnerability in Safari, CVE-2024-44308, that is being actively exploited. See more in this thread
@oibrahim13912
2 Dec 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple Safari Remote Code Execution Vulnerability Exploited In The Wild Source: https://t.co/7khNwpU7bk A critical remote code execution vulnerability in Apple Safari, identified as CVE-2024-44308 actively exploited in the wild. #vulnerability #cybersecurity
@gbhackers_news
2 Dec 2024
107 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2023-50428 3 - CVE-2024-10924 4 - CVE-2024-11477 5 - CVE-2024-44308 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Dohyun Lee says PoC for CVE-2024-44308 is coming https://t.co/FR8JDqY9nE
@ichitaso_bot
1 Dec 2024
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/X5a4jE2Vip This is about the first bug! It’s the CVE-2024-44308 ITW bug recently discovered in Apple Safari. I am currently developing a PoC code along with a brief explanation of this vulnerability.
@l33d0hyun
1 Dec 2024
18123 Impressions
32 Retweets
178 Likes
69 Bookmarks
9 Replies
0 Quotes
🔴 #Apple Safari, #iOS, iPadOS, #macOS Sequoia Vulnerability: Code Execution (#CVE-2024-44308 - Critical) - Critical https://t.co/3ADTgK9AuT
@dailycve
27 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WebKitGTK and WPE WebKit Security Advisory WSA-2024-0007 https://t.co/FluhJnjQBQ Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-44308) and cross site scripting (CVE-2024-44309). May have been actively exploited on Intel-based Mac.
@oss_security
27 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-44308 - exploited ITW)[JSC][DFG]'compilePutByValForIntTypedArray' invoked -> 'getIntTypedArrayStoreOperand' adds slow path -> 'scratch2GPR' allocated after slow path added -> inconsistent global state when slow path taken -> ... -> ACE https://t.co/MEao6E
@xvonfers
27 Nov 2024
1074 Impressions
2 Retweets
18 Likes
5 Bookmarks
0 Replies
0 Quotes
XSS attacks and malicious code execution lie in wait for Apple users. According to the Miaad news site, two critical vulnerabilities with the identifiers CVE-2024-44308 and CVE-2024-44309 have been discovered in Apple products, which to the attacker... https://t.co/Q3PESoVpqb
@MiaadNews
26 Nov 2024
16 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple released patches for 2 zero-day vuln's in macOS & iOS. Both bugs, linked to processing malicious web content, have been exploited on Intel-based Macs. CVE-2024-44308 allows arbitrary code execution via JavaScriptCore & CVE-2024-44309 enables XSS through WebKit.
@Cyber_Sec_Raj
23 Nov 2024
46 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Apple warns of serious zero-day vulnerabilities in macOS; Intel MacBook users should update urgently. #Apple has released security patches for two zero-day vulnerabilities that were used to attack MacBooks with Intel chips. The first vulnerability (CVE-2024-44308) lets hackers use JavaScriptcore… https://t.co/QotlF0cc3p https://t
@TokenPostTH
23 Nov 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical security updates for Apple devices! Recently discovered zero-day vulnerabilities (CVE-2024-44308, CVE-2024-44309) in macOS Sequoia affect Macs with Intel processors. These flaws, which also affect iOS, iPadOS and visionOS, allow XSS attacks… h
@cyber_net_now
23 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-44308 is getting exploited #inthewild. Find out more at https://t.co/JGYVH1tkAH
@inthewildio
22 Nov 2024
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Howdy, @X Don’t forget to update your iPhone! •CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability •CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability #cybersecuritytips
@bmwalt
22 Nov 2024
36 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
#Apple released emergency #security updates to fix two #zeroday #vulnerabilities (CVE-2024-44308 & CVE-2024-44309) that were exploited in attacks on #Intel-based #Mac systems. #Cybersecurity #infosec https://t.co/LRA5kMGiPA https://t.co/DOa0UKDhZf
@twelvesec
22 Nov 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple is urging users across all Apple devices to update their systems immediately! CVE-2024-44308 — JavaScriptCore — Processing malicious web content may lead to arbitrary code execution. Apple is aware of a report that this issue -01
@Tomas_Toman1972
21 Nov 2024
22 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
⚠️ Apple releases patches to fix critical flaws (CVE-2024-44308 and 44309). Update your iPhone, Mac and more now! 🔒📱 #AppleUpdate #Ciberseguridad https://t.co/EtdH8tzMo7
@15segundosmx
21 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-44308 #Apple Multiple Products Code Execution Vulnerability https://t.co/uZvWVy4orZ
@ScyScan
21 Nov 2024
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Three Known Exploited Vulnerabilities to Catalog: CVE-2024-44308 - Apple Code Execution CVE-2024-44309 - Apple XSS CVE-2024-21287 - Oracle Agile PLM Incorrect Authorization https://t.co/oCDbymKEfT https://t.co/Y6IYhEG5eM
@TMJIntel
21 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added #Oracle #AgilePLM & #Apple vulnerabilities, CVE-2024-21287, CVE-2024-44308, & CVE-2024-44309, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
@CISACyber
21 Nov 2024
4704 Impressions
11 Retweets
24 Likes
2 Bookmarks
0 Replies
2 Quotes
CZ WARNS CRYPTO USERS: UPDATE APPLE DEVICES NOW Binance’s CZ Zhao alerts crypto users to critical macOS and iPhone exploits. Zero-day vulnerabilities CVE-2024-44308 and CVE-2024-44309 let hackers hijack devices and steal crypto keys: Apple’s patches for macOS 15.1.1 and iOS… ht
@ibcgroupio
21 Nov 2024
18749 Impressions
0 Retweets
6 Likes
0 Bookmarks
11 Replies
0 Quotes
CZ SAYS: PATCH UP OR LOSE YOUR BAG CZ sounds the alarm—a macOS/iPhone zero-day exploit can jack your crypto. CVE-2024-44308 allows hackers full control; CVE-2024-44309 targets Safari for data theft; Apple rolled out macOS 15.1.1 + iOS 18.1.1—so update or get rekt. Lazarus… htt
@RoundtableSpace
21 Nov 2024
36532 Impressions
3 Retweets
21 Likes
2 Bookmarks
42 Replies
0 Quotes
CZ SOUNDS THE ALARM: CRITICAL APPLE EXPLOITS THREATEN CRYPTO Changpeng “CZ” Zhao urges immediate updates to macOS and iOS—vulnerabilities CVE-2024-44308 and CVE-2024-44309 pose a direct risk to crypto users. These flaws enable attackers to execute code, steal data, and… https:/
@Crypto_TownHall
21 Nov 2024
10651 Impressions
3 Retweets
11 Likes
0 Bookmarks
23 Replies
0 Quotes
iOS 18.1.1—Update Now Warning Issued To All iPhone Users 🚨 Apple released iOS 18.1.1 with urgent security fixes for CVE-2024-44308 & CVE-2024-44309, addressing web content vulnerabilities. Update now! #iOSUpdate #SecurityFix #iPhone16ProMax https://t.co/a52xMoJJyF
@StarSnapx
21 Nov 2024
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple issues urgent macOS & iOS updates to patch 2 zero-days (CVE-2024-44308, CVE-2024-44309) exploited in the wild. Targets Intel-based Macs, allowing code execution & XSS via malicious web content. Update iOS/macOS! More APT attacks suspected. #CVE-2024-44309 #CVE-2024-
@malwhere018
21 Nov 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#SicurezzaInformatica: Apple releases critical updates! Two zero-day vulnerabilities, identified in Intel Mac systems (CVE-2024-44308 and CVE-2024-44309), have been promptly fixed with the latest version of macOS Sequoia 15.1.1. The updates include… https://t.c
@cyber_net_now
21 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apple security fixes: CVE-2024-44308 & CVE-2024-44309 🚨 Apple fixes two critical vulnerabilities in its operating systems: • CVE-2024-44308 (JavaScriptCore): remote code execution via web content. • CVE-2024-44309 (WebKit): XSS attack.
@MakeinLab
21 Nov 2024
55 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-44308
@transilienceai
21 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
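Wu Shuo has learned that CZ tweeted a reminder: if you are using an Intel-based Macbook, please update as soon as possible and stay safe. Apple has confirmed that two zero-day vulnerabilities in macOS (CVE-2024-44308, CVE-2024-44309) are being widely exploited by hackers, and has urgently released the iOS 18.1.1, macOS Sequoia 15.1.1 and iOS 17.7.2 security updates. These two vulnerabilities, by Google… https://t.co/erRfTdJBMl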
@wublockchain12
21 Nov 2024
5888 Impressions
1 Retweet
2 Likes
4 Bookmarks
2 Replies
0 Quotes
Although information about the exploits is limited, the company reported that Intel-based Mac systems have been attacked by cybercriminals seeking to exploit CVE-2024-44308 and CVE-2024-44309. #OpenSpring #ciberseguridad @DarkReading https://t.co/9qdjKs9VM6
@OpenSpringES
20 Nov 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple addressed twin flaws with an emergency patch release #Apple #CVE-2024-44308 #CVE-2024-44309 https://t.co/rv7QSCsT4P
@pravin_karthik
20 Nov 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We are warning of two actively exploited zero-day vulnerabilities in Apple products. CVE-2024-44308: A vulnerability in JavaScriptCore allows an attacker to run malicious code through malicious content on a web page. CVE-2024-44309: A vulnerability in WebKit can lead to XSS attacks during… h
@GOVCERT_CZ
20 Nov 2024
1565 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
1 Quote
Apple has disclosed which vulnerabilities it fixed in iOS/iPadOS 18.1.1, iOS/iPadOS 17.7.2, and macOS Sequoia 15.1.1. The published Support document lists two vulnerabilities that were closed in the updates: JavaScript Core and WebKit (CVE-2024-44308 and CVE-2024-44309). https://
@aaplpro
20 Nov 2024
674 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Apple patched two zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309 https://t.co/awvBRkbq4I
@vulnerbyte
20 Nov 2024
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🤔webkit security fixes: CVE-2024-44308 https://t.co/Sw753CtrL8 and CVE-2024-44309: https://t.co/cAtBcEHEtR
@ntfargo
20 Nov 2024
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Update now! Apple releases iOS 18.1.1 and iPadOS 18.1.1 ⚠️ 2 zero-day vulnerabilities fixed - CVE-2024-44308 - CVE-2024-44309 https://t.co/rrxqXZavhv https://t.co/yXBZjtI9Nq https://t.co/ooOquukG1J
@techworldaleant
20 Nov 2024
207 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple releases urgent updates for macOS & iOS to fix 2 zero-day vulnerabilities: 🔹 CVE-2024-44308: Code execution 🔹 CVE-2024-44309: XSS ⚡ Update your devices now! Read more- https://t.co/clgb7vfNTE #Apple #CyberSecurity #ZeroDay
@redfoxsec
20 Nov 2024
28 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-44308: Critical RCE vuln in Apple Safari on Intel Web Content Handler. Upgrade ASAP to mitigate risks of remote exploitation. #CyberSecurity #BrowserSecurity
@oktsec
20 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BF8CCEA-CE0F-46DF-9A7A-83A55DE97BCE",
            "versionEndExcluding": "18.1.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAEA98FE-8942-4B9B-B25E-AF99B5A650C3",
            "versionEndExcluding": "17.7.2"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CE6128B-DBDB-4811-971D-1069382437D4",
            "versionEndExcluding": "18.1.1",
            "versionStartIncluding": "18.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4F19E10-37EA-44E1-A425-F879C39DF7A8",
            "versionEndExcluding": "17.7.2"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "786A3E4B-531F-463E-BC62-F264E562C71F",
            "versionEndExcluding": "18.1.1",
            "versionStartIncluding": "18.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BF9E536-D3D2-474F-B4F4-564A20DDC1E6",
            "versionEndExcluding": "15.1.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "642BDC87-257B-4B0E-88D4-DDFC26F0723F",
            "versionEndExcluding": "2.1.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]