A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.
References
Link | Resource |
---|---|
https://support.apple.com/en-us/121238 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121240 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121241 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121250 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121567 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Oct 2024, 17:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple macos
Apple iphone Os Apple ipados Apple safari Apple watchos Apple |
|
CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | NVD-CWE-noinfo | |
References | () https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121241 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121567 - Release Notes, Vendor Advisory |
29 Oct 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-28 21:15
Updated : 2024-10-29 17:34
NVD link : CVE-2024-44155
Mitre link : CVE-2024-44155
CVE.ORG link : CVE-2024-44155
JSON object : View
Products Affected
apple
- macos
- watchos
- iphone_os
- safari
- ipados
CWE