Medium severity6.3CISA KEVNVD Advisory· Published Nov 20, 2024· Updated Apr 3, 2026
CVE-2024-44309
CVE-2024-44309
Description
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
59cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <18.1.1
- (no CPE)range: <18.1.1
- osv-coords52 versionspkg:rpm/almalinux/webkit2gtk3pkg:rpm/almalinux/webkit2gtk3-develpkg:rpm/almalinux/webkit2gtk3-jscpkg:rpm/almalinux/webkit2gtk3-jsc-develpkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 2.46.3-2.el9_5+ 51 more
- (no CPE)range: < 2.46.3-2.el9_5
- (no CPE)range: < 2.46.3-2.el9_5
- (no CPE)range: < 2.46.3-2.el9_5
- (no CPE)range: < 2.46.3-2.el9_5
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150600.12.21.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150600.12.21.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150600.12.21.1
- (no CPE)range: < 2.46.3-150200.127.1
- (no CPE)range: < 2.46.3-150200.127.1
- (no CPE)range: < 2.46.3-150200.127.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150600.12.21.1
- (no CPE)range: < 2.46.3-4.22.1
- (no CPE)range: < 2.46.3-150200.127.1
- (no CPE)range: < 2.46.3-150200.127.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-150200.127.1
- (no CPE)range: < 2.46.3-150200.127.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-4.22.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150600.12.21.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-150600.12.21.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.3-150600.12.21.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
- (no CPE)range: < 2.46.3-150400.4.97.1
- (no CPE)range: < 2.46.5-150400.4.103.1
Patches
Vulnerability mechanics
References
8- seclists.org/fulldisclosure/2024/Nov/16nvdMailing ListThird Party Advisory
- support.apple.com/en-us/121752nvdVendor Advisory
- support.apple.com/en-us/121753nvdVendor Advisory
- support.apple.com/en-us/121754nvdVendor Advisory
- support.apple.com/en-us/121755nvdVendor Advisory
- support.apple.com/en-us/121756nvdVendor Advisory
- lists.debian.org/debian-lts-announce/2024/12/msg00003.htmlnvdMailing List
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.