Medium severity6.3CISA KEVNVD Advisory· Published Nov 20, 2024· Updated Apr 3, 2026

CVE-2024-44309

Description

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Affected products

Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: <18.1.1
Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <17.7.2
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <17.7.2
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=15.0,<15.1.1
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.1.1
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2024/Nov/16nvdMailing ListThird Party Advisory
support.apple.com/en-us/121752nvdVendor Advisory
support.apple.com/en-us/121753nvdVendor Advisory
support.apple.com/en-us/121754nvdVendor Advisory
support.apple.com/en-us/121755nvdVendor Advisory
support.apple.com/en-us/121756nvdVendor Advisory
lists.debian.org/debian-lts-announce/2024/12/msg00003.htmlnvdMailing List
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.001
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000