CVE-2024-44309

Name of the Vulnerable Software and Affected Versions Safari versions prior to 18.1.1 iOS versions prior to 17.7.2 and 18.1.1 iPadOS versions prior to 17.7.2 and 18.1.1 macOS Sequoia versions prior to 15.1.1 visionOS versions prior to 2.1.1

Description The issue is related to a cookie management problem that has been addressed with improved state management. Processing maliciously crafted web content may lead to a cross-site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

Recommendations For Safari versions prior to 18.1.1, update to Safari 18.1.1 or later. For iOS versions prior to 17.7.2 and 18.1.1, update to iOS 17.7.2 or iOS 18.1.1 or later. For iPadOS versions prior to 17.7.2 and 18.1.1, update to iPadOS 17.7.2 or iPadOS 18.1.1 or later. For macOS Sequoia versions prior to 15.1.1, update to macOS Sequoia 15.1.1 or later. For visionOS versions prior to 2.1.1, update to visionOS 2.1.1 or later. As a temporary workaround, consider restricting access to malicious web content to minimize the risk of exploitation.