{"cve":{"cve_id":"CVE-2024-44308","is_kev":true,"kev_date_added":"2024-11-21","kev_vendor_project":"Apple","kev_product":"Multiple Products","kev_vulnerability_name":"Apple Multiple Products Code Execution Vulnerability","kev_short_description":"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.","kev_required_action":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","kev_due_date":"2024-12-12","kev_known_ransomware":false,"kev_notes":"https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44308","kev_cwes":[],"epss_score":0.09186,"epss_percentile":0.94667,"epss_as_of":"2026-06-23","description":"The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.","published_at":"2024-11-19T23:43:50.135000Z","last_modified_at":null,"cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":null,"nvd_references":["https://support.apple.com/en-us/121752","https://support.apple.com/en-us/121753","https://support.apple.com/en-us/121754","https://support.apple.com/en-us/121755","https://support.apple.com/en-us/121756"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-29T02:07:00.040580Z"},"effective_severity":"HIGH","badges":["kev"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"ios-and-ipados","product_name":"iOS and iPadOS","version_start":"0","version_start_inclusive":true,"version_end":"17.7.2","version_end_inclusive":false,"cpe23_uri":"cve5:apple:ios-and-ipados:0:17.7.2"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"ios-and-ipados","product_name":"iOS and iPadOS","version_start":"0","version_start_inclusive":true,"version_end":"18.1.1","version_end_inclusive":false,"cpe23_uri":"cve5:apple:ios-and-ipados:0:18.1.1"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"macos","product_name":"macOS","version_start":"0","version_start_inclusive":true,"version_end":"15.1.1","version_end_inclusive":false,"cpe23_uri":"cve5:apple:macos:0:15.1.1"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"safari","product_name":"Safari","version_start":"0","version_start_inclusive":true,"version_end":"18.1.1","version_end_inclusive":false,"cpe23_uri":"cve5:apple:safari:0:18.1.1"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"visionos","product_name":"visionOS","version_start":"0","version_start_inclusive":true,"version_end":"2.1.1","version_end_inclusive":false,"cpe23_uri":"cve5:apple:visionos:0:2.1.1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.apple.com/en-us/121752","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/121753","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/121754","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/121755","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/121756","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2024-11-19T23:43:50.135000Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2024-11-21T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"cvss_changed","at":"2026-06-28T17:37:42.196022Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:37:42.196022Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:37:42.196022Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:07:00.040580Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:07:00.040580Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:07:00.040580Z","label":"SSVC decision revised","source":"vulnrichment"}]}