CVE-2024-44229

Vulnerability

CVE-2024-44229 is an information leakage vulnerability affecting Safari's private browsing mode across multiple Apple platforms. The root cause is insufficient validation of browsing data state, which could allow the private browsing session's history to persist or become accessible outside the expected private context. Apple addressed this by adding additional validation to ensure that private browsing data is properly isolated and not inadvertently exposed.

Exploitation

Attackers would need to have some form of access to the affected device or its network traffic to exploit this flaw. The official description indicates that under certain conditions, private browsing may leak some browsing history. This could manifest as leftover cache entries, accessible session data, or other artifacts that a local attacker could retrieve. No authentication is required beyond the initial access to the device's file system or a privileged network position.

Impact

An attacker who successfully exploits this vulnerability could obtain partial browsing history that the user expected to be private. This could include visited URLs, page titles, or other metadata from the private browsing session. The severity is rated Medium (CVSS 5.3) because the leak is partial and likely requires physical or local access, but it undermines the core privacy promise of private browsing mode.

Mitigation

Apple has released security updates in macOS Sequoia 15.1, iOS 18.1, iPadOS 18.1, visionOS 2.1, and Safari 18.1 [1][2][3][4]. Users should update their devices to these or later versions to resolve the issue. No workarounds are documented; the recommended mitigation is to install the available patches.