{"api_version":"1","generated_at":"2026-04-22T16:04:58+00:00","cve":"CVE-2024-44308","urls":{"html":"https://cve.report/CVE-2024-44308","api":"https://cve.report/api/cve/CVE-2024-44308.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-44308","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-44308"},"summary":{"title":"CVE-2024-44308","description":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","state":"PUBLISHED","assigner":"apple","published_at":"2024-11-20 00:15:17","updated_at":"2026-04-03 11:43:36"},"problem_types":["NVD-CWE-noinfo","Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","CWE-noinfo Not enough information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://support.apple.com/en-us/121756","name":"https://support.apple.com/en-us/121756","refsource":"product-security@apple.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2024/Nov/16","name":"http://seclists.org/fulldisclosure/2024/Nov/16","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/121754","name":"https://support.apple.com/en-us/121754","refsource":"product-security@apple.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/121752","name":"https://support.apple.com/en-us/121752","refsource":"product-security@apple.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/121753","name":"https://support.apple.com/en-us/121753","refsource":"product-security@apple.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html","name":"https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/121755","name":"https://support.apple.com/en-us/121755","refsource":"product-security@apple.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-44308","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44308","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"Safari","version":"affected 18.1.1 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 17.7.2 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 18.1.1 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 15.1.1 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"visionOS","version":"affected 2.1.1 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"safari","version":"affected 18.1 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"macos","version":"affected 15.1 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"visionos","version":"affected 2.1 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"iphone_os","version":"affected 17.7 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"iphone_os","version":"affected 18.0 18.1 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"iphone_os","version":"affected 17.7 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"iphone_os","version":"affected 18.0 18.1 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"ipad_os","version":"affected 17.7 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"ipad_os","version":"affected 18.0 18.1 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"ipad_os","version":"affected 17.7 custom","platforms":[]},{"source":"ADP","vendor":"apple","product":"ipad_os","version":"affected 18.0 18.1 custom","platforms":[]}],"timeline":[{"source":"ADP","time":"2024-11-21T00:00:00.000Z","lang":"en","value":"CVE-2024-44308 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"44308","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"44308","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2024","cve_id":"44308","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2024","cve_id":"44308","cve":"CVE-2024-44308","vendorProject":"Apple","product":"Multiple Products","vulnerabilityName":"Apple Multiple Products Code Execution Vulnerability","dateAdded":"2024-11-21","shortDescription":"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2024-12-12","knownRansomwareCampaignUse":"Unknown","notes":"https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44308","cwes":"","catalogVersion":"2026.04.21","updated_at":"2026-04-21 13:32:18"},"epss":{"cve_year":"2024","cve_id":"44308","cve":"CVE-2024-44308","epss":"0.015890000","percentile":"0.816670000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:42"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"safari","vendor":"apple","versions":[{"lessThan":"18.1","status":"affected","version":"0","versionType":"custom"}]},{"cpes":["cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"macos","vendor":"apple","versions":[{"lessThan":"15.1","status":"affected","version":"0","versionType":"custom"}]},{"cpes":["cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"visionos","vendor":"apple","versions":[{"lessThan":"2.1","status":"affected","version":"0","versionType":"custom"}]},{"cpes":["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*"],"defaultStatus":"unknown","product":"iphone_os","vendor":"apple","versions":[{"lessThan":"17.7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"18.1","status":"affected","version":"18.0","versionType":"custom"}]},{"cpes":["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*"],"defaultStatus":"unknown","product":"iphone_os","vendor":"apple","versions":[{"lessThan":"17.7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"18.1","status":"affected","version":"18.0","versionType":"custom"}]},{"cpes":["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"ipad_os","vendor":"apple","versions":[{"lessThan":"17.7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"18.1","status":"affected","version":"18.0","versionType":"custom"}]},{"cpes":["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"ipad_os","vendor":"apple","versions":[{"lessThan":"17.7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"18.1","status":"affected","version":"18.0","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2024-44308","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2024-11-23T04:55:46.745399Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2024-11-21","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"description":"CWE-noinfo Not enough information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-21T22:55:35.607Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-44308"}],"timeline":[{"lang":"en","time":"2024-11-21T00:00:00.000Z","value":"CVE-2024-44308 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-11-03T22:13:32.370Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00003.html"},{"url":"http://seclists.org/fulldisclosure/2024/Nov/16"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Safari","vendor":"Apple","versions":[{"lessThan":"18.1.1","status":"affected","version":"0","versionType":"custom"}]},{"product":"iOS and iPadOS","vendor":"Apple","versions":[{"lessThan":"17.7.2","status":"affected","version":"0","versionType":"custom"},{"lessThan":"18.1.1","status":"affected","version":"0","versionType":"custom"}]},{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"15.1.1","status":"affected","version":"0","versionType":"custom"}]},{"product":"visionOS","vendor":"Apple","versions":[{"lessThan":"2.1.1","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems."}],"problemTypes":[{"descriptions":[{"description":"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T18:23:18.275Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/121752"},{"url":"https://support.apple.com/en-us/121753"},{"url":"https://support.apple.com/en-us/121754"},{"url":"https://support.apple.com/en-us/121755"},{"url":"https://support.apple.com/en-us/121756"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2024-44308","datePublished":"2024-11-19T23:43:50.135Z","dateReserved":"2024-08-20T21:45:40.801Z","dateUpdated":"2026-04-02T18:23:18.275Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-11-20 00:15:17","lastModifiedDate":"2026-04-03 11:43:36","problem_types":["NVD-CWE-noinfo","Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","CWE-noinfo Not enough information"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"18.1.1","matchCriteriaId":"5BF8CCEA-CE0F-46DF-9A7A-83A55DE97BCE"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.7.2","matchCriteriaId":"AAEA98FE-8942-4B9B-B25E-AF99B5A650C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionStartIncluding":"18.0","versionEndExcluding":"18.1.1","matchCriteriaId":"4CE6128B-DBDB-4811-971D-1069382437D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"17.7.2","matchCriteriaId":"F4F19E10-37EA-44E1-A425-F879C39DF7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionStartIncluding":"18.0","versionEndExcluding":"18.1.1","matchCriteriaId":"786A3E4B-531F-463E-BC62-F264E562C71F"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.1.1","matchCriteriaId":"AFC09E08-0FBA-4D99-A4B6-5562A8484BE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.1","matchCriteriaId":"642BDC87-257B-4B0E-88D4-DDFC26F0723F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"44308","Ordinal":"1","Title":"CVE-2024-44308","CVE":"CVE-2024-44308","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"44308","Ordinal":"1","NoteData":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","Type":"Description","Title":"CVE-2024-44308"}]}}}