CVE-2024-44308

Published Nov 20, 2024

Last updated 6 days ago

Overview

Description
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Apple Multiple Products Code Execution Vulnerability
Exploit added on: Nov 21, 2024
Exploit action due: Dec 12, 2024
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. CVE-2024-21287 is getting exploited #inthewild. Find out more at https://t.co/zxkLY8Soqk CVE-2024-44309 is getting exploited #inthewild. Find out more at https://t.co/C8QQNSrrFU CVE-2024-44308 is getting exploited #inthewild. Find out more at https://t.co/JGYVH1sML9

    @inthewildio

    3 Dec 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. iOS 17.0 - 18.1 Jailbreak Status Update New Safari JavaScript Core vulnerability (CVE-2024-44308) by Tomi Tokics is now open-source! https://t.co/h2RaUhyAzP Patched in iOS 17.7.2 & 18.1.1. Might help No-PC jailbreaks with more exploits. Stay tuned! #iOS18 #jailbreak #iP

    @iExmo_Jailbreak

    2 Dec 2024

    241 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Critical Safari Vulnerability Actively Exploited Apple has identified a severe remote code execution vulnerability in Safari, CVE-2024-44308, that is being actively exploited. See more in this thread

    @oibrahim13912

    2 Dec 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Apple Safari Remote Code Execution Vulnerability Exploited In The Wild Source: https://t.co/7khNwpU7bk A critical remote code execution vulnerability in Apple Safari, identified as CVE-2024-44308 actively exploited in the wild. #vulnerability #cybersecurity

    @gbhackers_news

    2 Dec 2024

    107 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2023-50428 3 - CVE-2024-10924 4 - CVE-2024-11477 5 - CVE-2024-44308 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Dec 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Dohyun Lee says PoC for CVE-2024-44308 is coming https://t.co/FR8JDqY9nE

    @ichitaso_bot

    1 Dec 2024

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. https://t.co/X5a4jE2Vip This is about the first bug! It’s the CVE-2024-44308 ITW bug recently discovered in Apple Safari. I am currently developing a PoC code along with a brief explanation of this vulnerability.

    @l33d0hyun

    1 Dec 2024

    18123 Impressions

    32 Retweets

    178 Likes

    69 Bookmarks

    9 Replies

    0 Quotes

  8. 🔴 #Apple Safari, #iOS, iPadOS, #macOS Sequoia Vulnerability: Code Execution (#CVE-2024-44308 - Critical) - Critical https://t.co/3ADTgK9AuT

    @dailycve

    27 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. WebKitGTK and WPE WebKit Security Advisory WSA-2024-0007 https://t.co/FluhJnjQBQ Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-44308) and cross site scripting (CVE-2024-44309). May have been actively exploited on Intel-based Mac.

    @oss_security

    27 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. (CVE-2024-44308 - exploited ITW)[JSC][DFG]'compilePutByValForIntTypedArray' invoked -> 'getIntTypedArrayStoreOperand' adds slow path -> 'scratch2GPR' allocated after slow path added -> inconsistent global state when slow path taken -> ... -> ACE https://t.co/MEao6E

    @xvonfers

    27 Nov 2024

    1074 Impressions

    2 Retweets

    18 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  11. XSS attacks and malicious code execution lie in wait for Apple users. According to the Miaad news site, two critical vulnerabilities with the identifiers CVE-2024-44308 and CVE-2024-44309 have been discovered in Apple products, which give the attacker... https://t.co/Q3PESoVpqb

    @MiaadNews

    26 Nov 2024

    16 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Apple released patches for 2 zero-day vuln's in macOS & iOS. Both bugs, linked to processing malicious web content, have been exploited on Intel-based Macs. CVE-2024-44308 allows arbitrary code execution via JavaScriptCore & CVE-2024-44309 enables XSS through WebKit.

    @Cyber_Sec_Raj

    23 Nov 2024

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Apple warns of serious zero-day vulnerabilities in macOS; Intel MacBook users should update urgently. #Apple has released security patches for two zero-day vulnerabilities that were used to attack MacBooks with Intel chips. The first vulnerability (CVE-2024-44308) lets hackers use JavaScriptcore… https://t.co/QotlF0cc3p https://t

    @TokenPostTH

    23 Nov 2024

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Critical security updates for Apple devices! Recently discovered zero-day vulnerabilities (CVE-2024-44308, CVE-2024-44309) in macOS Sequoia affect Macs with Intel processors. These flaws, which also affect iOS, iPadOS and visionOS, allow XSS attacks… h

    @cyber_net_now

    23 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2024-44308 is getting exploited #inthewild. Find out more at https://t.co/JGYVH1tkAH

    @inthewildio

    22 Nov 2024

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Howdy, @X Don’t forget to update your iPhone! •CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability •CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability #cybersecuritytips

    @bmwalt

    22 Nov 2024

    36 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  17. #Apple released emergency #security updates to fix two #zeroday #vulnerabilities (CVE-2024-44308 & CVE-2024-44309) that were exploited in attacks on #Intel-based #Mac systems. #Cybersecurity #infosec https://t.co/LRA5kMGiPA https://t.co/DOa0UKDhZf

    @twelvesec

    22 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Apple is warning users across all Apple devices to update their systems immediately! CVE-2024-44308 — JavaScriptCore — Processing malicious web content may lead to arbitrary code execution. Apple is aware of a report that this issue -01

    @Tomas_Toman1972

    21 Nov 2024

    22 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  19. ⚠️ Apple releases patches to fix critical flaws (CVE-2024-44308 and 44309). Update your iPhone, Mac and more now! 🔒📱 #AppleUpdate #Ciberseguridad https://t.co/EtdH8tzMo7

    @15segundosmx

    21 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-44308 #Apple Multiple Products Code Execution Vulnerability https://t.co/uZvWVy4orZ

    @ScyScan

    21 Nov 2024

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA Adds Three Known Exploited Vulnerabilities to Catalog: CVE-2024-44308 - Apple Code Execution CVE-2024-44309 - Apple XSS CVE-2024-21287 - Oracle Agile PLM Incorrect Authorization https://t.co/oCDbymKEfT https://t.co/Y6IYhEG5eM

    @TMJIntel

    21 Nov 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🛡️ We added #Oracle #AgilePLM & #Apple vulnerabilities, CVE-2024-21287, CVE-2024-44308, & CVE-2024-44309, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

    @CISACyber

    21 Nov 2024

    4704 Impressions

    11 Retweets

    24 Likes

    2 Bookmarks

    0 Replies

    2 Quotes

  23. CZ WARNS CRYPTO USERS: UPDATE APPLE DEVICES NOW Binance’s CZ Zhao alerts crypto users to critical macOS and iPhone exploits. Zero-day vulnerabilities CVE-2024-44308 and CVE-2024-44309 let hackers hijack devices and steal crypto keys: Apple’s patches for macOS 15.1.1 and iOS… ht

    @ibcgroupio

    21 Nov 2024

    18749 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    11 Replies

    0 Quotes

  24. CZ SAYS: PATCH UP OR LOSE YOUR BAG CZ sounds the alarm—a macOS/iPhone zero-day exploit can jack your crypto. CVE-2024-44308 allows hackers full control; CVE-2024-44309 targets Safari for data theft; Apple rolled out macOS 15.1.1 + iOS 18.1.1—so update or get rekt. Lazarus… htt

    @RoundtableSpace

    21 Nov 2024

    36532 Impressions

    3 Retweets

    21 Likes

    2 Bookmarks

    42 Replies

    0 Quotes

  25. CZ SOUNDS THE ALARM: CRITICAL APPLE EXPLOITS THREATEN CRYPTO Changpeng “CZ” Zhao urges immediate updates to macOS and iOS—vulnerabilities CVE-2024-44308 and CVE-2024-44309 pose a direct risk to crypto users. These flaws enable attackers to execute code, steal data, and… https:/

    @Crypto_TownHall

    21 Nov 2024

    10651 Impressions

    3 Retweets

    11 Likes

    0 Bookmarks

    23 Replies

    0 Quotes

  26. iOS 18.1.1—Update Now Warning Issued To All iPhone Users 🚨 Apple released iOS 18.1.1 with urgent security fixes for CVE-2024-44308 & CVE-2024-44309, addressing web content vulnerabilities. Update now! #iOSUpdate #SecurityFix #iPhone16ProMax https://t.co/a52xMoJJyF

    @StarSnapx

    21 Nov 2024

    100 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Apple issues urgent macOS & iOS updates to patch 2 zero-days (CVE-2024-44308, CVE-2024-44309) exploited in the wild. Targets Intel-based Macs, allowing code execution & XSS via malicious web content. Update iOS/macOS! More APT attacks suspected. #CVE-2024-44309 #CVE-2024-

    @malwhere018

    21 Nov 2024

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. #SicurezzaInformatica: Apple releases critical updates! Two zero-day vulnerabilities identified in Intel Mac systems (CVE-2024-44308 and CVE-2024-44309) have been promptly fixed in the latest version of macOS Sequoia 15.1.1. The updates include… https://t.c

    @cyber_net_now

    21 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Apple security fixes: CVE-2024-44308 & CVE-2024-44309 🚨 Apple fixes two critical vulnerabilities in its operating systems: • CVE-2024-44308 (JavaScriptCore): remote code execution via web content. • CVE-2024-44309 (WebKit): XSS attack.

    @MakeinLab

    21 Nov 2024

    55 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Actively exploited CVE : CVE-2024-44308

    @transilienceai

    21 Nov 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

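  31. Wu Shuo (吴说) has learned that CZ tweeted a reminder: if you are using an Intel-based Macbook, please update as soon as possible and stay safe. Apple has confirmed that two zero-day vulnerabilities in macOS (CVE-2024-44308, CVE-2024-44309) are being widely exploited by hackers, and has urgently released the iOS 18.1.1, macOS Sequoia 15.1.1 and iOS 17.7.2 security updates. These two vulnerabilities were, by Google… https://t.co/erRfTdJBMl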

    @wublockchain12

    21 Nov 2024

    5888 Impressions

    1 Retweet

    2 Likes

    4 Bookmarks

    2 Replies

    0 Quotes

  32. Although information about the exploits is limited, the company reported that Intel-based Mac systems have been attacked by cybercriminals seeking to exploit CVE-2024-44308 and CVE-2024-44309. #OpenSpring #ciberseguridad @DarkReading https://t.co/9qdjKs9VM6

    @OpenSpringES

    20 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Apple addressed twin flaws with an emergency patch release #Apple #CVE-2024-44308 #CVE-2024-44309 https://t.co/rv7QSCsT4P

    @pravin_karthik

    20 Nov 2024

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨We are warning of two actively exploited zero-day vulnerabilities in Apple products. CVE-2024-44308: A vulnerability in JavaScriptCore allows an attacker to run malicious code through malicious content on a web page. CVE-2024-44309: A vulnerability in WebKit may lead to XSS attacks during… h

    @GOVCERT_CZ

    20 Nov 2024

    1565 Impressions

    3 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  35. Apple has disclosed which vulnerabilities it fixed in iOS/iPadOS 18.1.1, iOS/iPadOS 17.7.2, and macOS Sequoia 15.1.1. The published Support document lists two vulnerabilities that were closed in the updates: JavaScript Core and WebKit (CVE-2024-44308 and CVE-2024-44309). https://

    @aaplpro

    20 Nov 2024

    674 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  36. Apple patched two zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309 https://t.co/awvBRkbq4I

    @vulnerbyte

    20 Nov 2024

    36 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🤔webkit security fixes: CVE-2024-44308 https://t.co/Sw753CtrL8 and CVE-2024-44309: https://t.co/cAtBcEHEtR

    @ntfargo

    20 Nov 2024

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨Update now! Apple releases iOS 18.1.1 and iPadOS 18.1.1 ⚠️2 zero-day vulnerabilities fixed - CVE-2024-44308 - CVE-2024-44309 https://t.co/rrxqXZavhv https://t.co/yXBZjtI9Nq https://t.co/ooOquukG1J

    @techworldaleant

    20 Nov 2024

    207 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Apple releases urgent updates for macOS & iOS to fix 2 zero-day vulnerabilities: 🔹 CVE-2024-44308: Code execution 🔹 CVE-2024-44309: XSS ⚡ Update your devices now! Read more- https://t.co/clgb7vfNTE #Apple #CyberSecurity #ZeroDay

    @redfoxsec

    20 Nov 2024

    28 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 CVE-2024-44308: Critical RCE vuln in Apple Safari on Intel Web Content Handler. Upgrade ASAP to mitigate risks of remote exploitation. #CyberSecurity #BrowserSecurity

    @oktsec

    20 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Apple fixes two zero-days used in attacks on Intel-based Macs: https://t.co/HAZgvBNDJD Apple released security updates addressing two zero-day vulnerabilities exploited in attacks on Intel-based Macs. The flaws, CVE-2024-44308 in JavaScriptCore and CVE-2024-44309 in WebKit,… htt

    @securityRSS

    20 Nov 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. CRITICAL VULNERABILITIES Apple - About the security content of visionOS 2.1.1 URL: https://t.co/egqygoHgsJ Classification: Critical, Solution: Official Fix, Exploit Maturity: Unproven, CVSSv3.1: None CVEs: CVE-2024-44308, CVE-2024-44309 #apple #securety

    @CharyyevPerman

    20 Nov 2024

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🔨Apple addresses two zero-day vulnerabilities: CVE-2024-44308, CVE-2024-44309 ~Cyber Alert, November 20~ https://t.co/Lgw09sHuCv #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    20 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

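  44. Zero-day attacks on macOS. Officially confirmed by Apple. Fixes are being distributed. Reported by Google's TAG (Threat Analysis Group). CVE-2024-44308 is an issue in JavaScriptCore where arbitrary code is executed when viewing crafted malicious web content. CVE-2024-44309 is an XSS in WebKit. https://t.co/p2TPFgLEXl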

    @__kokumoto

    19 Nov 2024

    1833 Impressions

    6 Retweets

    21 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  45. 📣 EMERGENCY UPDATES 📣 Apple pushed additional updates for 2 zero-days that may have been actively exploited. 🐛 CVE-2024-44308 (JavaScriptCore) additional patches, 🐛 CVE-2024-44309 (WebKit) additional patches: - Safari 18.1.1

    @ApplSec

    19 Nov 2024

    278 Impressions

    1 Retweet

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  46. Finished updating to macOS Sequoia 15.1.1 / iPadOS 18.1.1. They are said to address the zero-day vulnerabilities CVE-2024-44308 and CVE-2024-44309, which may have been actively exploited on Intel-based Mac systems.

    @macmacintosh

    19 Nov 2024

    215 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  47. Apple Confirms Zero-Day Attacks Hitting Macs - (CVE-2024-44308, CVE-2024-44309) -> https://t.co/R1WcxzjRz9

    @SecurityWeek

    19 Nov 2024

    8930 Impressions

    57 Retweets

    87 Likes

    24 Bookmarks

    0 Replies

    3 Quotes

  48. 📣 EMERGENCY UPDATES 📣 Apple pushed additional updates for 2 zero-days that may have been actively exploited. 🐛 CVE-2024-44308 (JavaScriptCore) additional patches, 🐛 CVE-2024-44309 (WebKit) additional patches: - visionOS 2.1.1

    @ApplSec

    19 Nov 2024

    313 Impressions

    3 Retweets

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  49. 📣 EMERGENCY UPDATES 📣 Apple pushed updates for 2 new zero-days that may have been actively exploited. 🐛 CVE-2024-44308 (JavaScriptCore), 🐛 CVE-2024-44309 (WebKit): - iOS and iPadOS 17.7.2 - iOS and iPadOS 18.1.1 - macOS Sequoia 15.1.1

    @ApplSec

    19 Nov 2024

    603 Impressions

    1 Retweet

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations