CVE-2024-44206

Published: Oct 24, 2024Modified: Apr 2, 2026

9.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Exploitability: 3.9 / Impact: 4.7

Source: NVD

Description

An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.

Affected (6)

Products: Apple: Ipados, Iphone Os, Macos, Safari, Tvos, Visionos

6 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.6
Apple Iphone Os	Before 17.6
Apple Macos	Before 14.6
Apple Safari	Before 17.6
Apple Tvos	Before 17.6
Apple Visionos	Before 1.3

References (7)

https://support.apple.com/en-us/120909

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/120911

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/120913

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/120914

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/120915

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/120916

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2024/Nov/6

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.