
CVE-2024-44187

Severity: High
Vendor: Apple
SVRS: 64/100
CVSSv3: 6.5/10
EPSS: 0.00055/1

CVE-2024-44187 is a cross-origin vulnerability affecting Safari, visionOS, watchOS, macOS, iOS, and iPadOS. This flaw allows a malicious website to potentially exfiltrate data from different origins using "iframe" elements. The vulnerability has been addressed with improved tracking of security origins in updated versions of these operating systems.

Despite a CVSS score of 6.5, the SOCRadar Vulnerability Risk Score (SVRS) is 64, indicating a moderate rather than critical level of risk; an SVRS above 80 would call for immediate action. The data exfiltration risk is nonetheless concerning, as it could compromise user privacy and security. Users should update their systems to the latest versions to mitigate this risk. The "In The Wild" tag indicates that exploits exist and that active attacks may occur.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2024-09-17

2025-03-14
SOCRadar AI Insight

Description

CVE-2024-44187 is a cross-origin vulnerability affecting Apple products (Safari, visionOS, watchOS, macOS, iOS, iPadOS, and tvOS). The vulnerability resides in the handling of "iframe" elements, allowing a malicious website to potentially exfiltrate data from other origins. Apple has addressed this with improved security origin tracking. The SOCRadar Vulnerability Risk Score (SVRS) for this CVE is 61, indicating a moderate risk that still requires attention, particularly given its exploitation in the wild.

Key Insights

  1. Cross-Origin Data Exfiltration: The core threat lies in the ability of a malicious website to bypass the same-origin policy and steal sensitive data from other websites loaded within "iframe" elements. This can have severe implications for user privacy and security, especially if the targeted website holds confidential information.
  2. Exploitation In The Wild: The "In The Wild" tag signifies that CVE-2024-44187 is actively exploited by attackers. This greatly increases the risk, since the vulnerability is not merely theoretical but has been weaponized and used in real-world attacks.
  3. Affected Apple Products: The broad range of impacted Apple products (Safari, visionOS, watchOS, macOS, iOS, iPadOS, and tvOS) means a large number of users are potentially vulnerable. Timely patching is crucial across all affected devices.
  4. Mitigation Through Updates: Apple has released fixes in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, and tvOS 18, which highlights the importance of upgrading to the latest versions.

Mitigation Strategies

  1. Apply Software Updates Immediately: Prioritize updating all affected Apple devices (Safari, visionOS, watchOS, macOS, iOS, iPadOS, and tvOS) to the latest versions that include the fix for CVE-2024-44187. This is the most effective way to remediate the vulnerability.
  2. Implement Web Application Firewall (WAF) Rules: For organizations hosting web applications, consider implementing or updating Web Application Firewall (WAF) rules to detect and block potential cross-origin attacks targeting the "iframe" vulnerability. This can provide an additional layer of protection.
  3. User Awareness Training: Educate users about the risks of visiting untrusted websites and the importance of keeping their devices updated. Phishing campaigns often exploit known vulnerabilities, so user awareness is crucial.
  4. Monitor Network Traffic: Implement network monitoring solutions to detect suspicious activity that may indicate exploitation attempts targeting CVE-2024-44187. Look for unusual traffic patterns or attempts to access data from unexpected origins.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

1.838
2025-04-18
1.838 | Newly Added (101): Security Vulnerability fixed in Thunderbird 128.9.2; Security Vulnerability fixed in Firefox 137.0.2; Oracle MySQL CVE-2024-13176 Vulnerability; Oracle JDK CVE-2024-27856 Code Injection Vulnerability
fortiguard.com
CVE-2024-44187 | Apple iOS/iPadOS iFrame cross-domain policy (Nessus ID 208985)
vuldb.com 2025-03-10
CVE-2024-44187 | Apple iOS/iPadOS iFrame cross-domain policy (Nessus ID 208985) | A vulnerability classified as problematic has been found in Apple iOS and iPadOS. Affected is an unknown function of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is traded as CVE-2024-44187. It is possible to launch the attack remotely. There is
CVE-2024-44187 | Apple watchOS iFrame cross-domain policy (Nessus ID 208985)
vuldb.com 2025-03-10
CVE-2024-44187 | Apple watchOS iFrame cross-domain policy (Nessus ID 208985) | A vulnerability classified as problematic was found in Apple watchOS. Affected by this vulnerability is an unknown functionality of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2024-44187. The attack can be launched remotely. There is no exploit
CVE-2024-44187 | Apple Safari iFrame cross-domain policy (Nessus ID 208985)
vuldb.com 2025-03-10
CVE-2024-44187 | Apple Safari iFrame cross-domain policy (Nessus ID 208985) | A vulnerability, which was classified as problematic, has been found in Apple Safari. Affected by this issue is some unknown functionality of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is handled as CVE-2024-44187. The attack may be launched remotely. There
CVE-2024-44187 | Apple visionOS iFrame cross-domain policy (Nessus ID 208985)
vuldb.com 2025-03-10
CVE-2024-44187 | Apple visionOS iFrame cross-domain policy (Nessus ID 208985) | A vulnerability was found in Apple visionOS. It has been rated as problematic. This issue affects some unknown processing of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2024-44187. The attack may be initiated remotely. There is
CVE-2024-44187 | Apple macOS iFrame cross-domain policy (Nessus ID 208985)
vuldb.com 2025-03-10
CVE-2024-44187 | Apple macOS iFrame cross-domain policy (Nessus ID 208985) | A vulnerability was found in Apple macOS. It has been classified as problematic. This affects an unknown part of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is uniquely identified as CVE-2024-44187. It is possible to initiate the attack remotely. There
CVE-2024-44187 | Apple tvOS iFrame cross-domain policy (Nessus ID 208985)
vuldb.com 2025-03-10
CVE-2024-44187 | Apple tvOS iFrame cross-domain policy (Nessus ID 208985) | A vulnerability was found in Apple tvOS. It has been declared as problematic. This vulnerability affects unknown code of the component iFrame Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2024-44187. The attack can be initiated remotely. There is no exploit available

Social Media

New post from https://t.co/uXvPWJy6tj (CVE-2024-44187 | Apple visionOS iFrame cross-domain policy (Nessus ID 208985)) has been published on https://t.co/GkYYJpjPu8
New post from https://t.co/uXvPWJy6tj (CVE-2024-44187 | Apple macOS iFrame cross-domain policy (Nessus ID 208985)) has been published on https://t.co/cZAz6RrukP
New post from https://t.co/uXvPWJy6tj (CVE-2024-44187 | Apple tvOS iFrame cross-domain policy (Nessus ID 208985)) has been published on https://t.co/gxNGryxUew
🚨 Important Security Alert! DSA-5792-1 #webkit2gtk update fixes critical vulnerabilities CVE-2024-40866 & CVE-2024-44187. Stay secure - update your systems ASAP! #CyberSecurity #TechNews

Affected Software

Configuration 1
Type  Vendor  Product
App   Apple   safari
OS    Apple   iphone_os
OS    Apple   ipados
OS    Apple   tvos
OS    Apple   watchos
OS    Apple   macos
OS    Apple   visionos

References

Reference          Link
[email protected]  https://support.apple.com/en-us/121238
[email protected]  https://support.apple.com/en-us/121240
[email protected]  https://support.apple.com/en-us/121241
[email protected]  https://support.apple.com/en-us/121248
[email protected]  https://support.apple.com/en-us/121249
[email protected]  https://support.apple.com/en-us/121250

CWE Details

CWE ID   CWE Name                  Description
CWE-346  Origin Validation Error   The software does not properly verify that the source of data or communication is valid.
