CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-44296

High Severity
Apple
SVRS
53/100
CVSSv3
5.4/10
EPSS
0.0015/1

CVE-2024-44296 is a Content Security Policy (CSP) bypass vulnerability affecting various Apple products. This flaw allows maliciously crafted web content to circumvent CSP, potentially leading to cross-site scripting (XSS) or other attacks. The vulnerability has been addressed in updates for tvOS, iOS, iPadOS, watchOS, visionOS, macOS Sequoia, and Safari. Though the CVSS score is 5.4, indicating medium severity, SOCRadar's SVRS score of 53 suggests a moderate level of risk warranting attention. The 'In The Wild' tag further emphasizes the active exploitation of this vulnerability, so prompt patching is advised to secure your systems. Failing to apply the security updates could leave users exposed to attacks leveraging this vulnerability. The fix involves improved checks to ensure proper CSP enforcement.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:R
S:U
C:L
I:L
A:N
PUBLICATION DATE2024-10-28
LAST MODIFIED2024-11-14

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

1.838
2025-04-18
1.838 | Newly Added (101)Security Vulnerability fixed in Thunderbird 128.9.2Security Vulnerability fixed in Firefox 137.0.2Oracle MySQL CVE-2024-13176 VulnerabilityOracle JDK CVE-2024-27856 Code Injection Vulnerability
fortiguard.com
rss
forum
news
CVE-2024-44296 | Apple watchOS protection mechanism (Nessus ID 210137)
vuldb.com2025-03-02
CVE-2024-44296 | Apple watchOS protection mechanism (Nessus ID 210137) | A vulnerability has been found in Apple watchOS and classified as problematic. This vulnerability affects unknown code. The manipulation leads to protection mechanism failure. This vulnerability was named CVE-2024-44296. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com
rss
forum
news
CVE-2024-44296 | Apple visionOS protection mechanism (Nessus ID 210137)
vuldb.com2025-03-02
CVE-2024-44296 | Apple visionOS protection mechanism (Nessus ID 210137) | A vulnerability classified as problematic was found in Apple visionOS. Affected by this vulnerability is an unknown functionality. The manipulation leads to protection mechanism failure. This vulnerability is known as CVE-2024-44296. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com
rss
forum
news
CVE-2024-44296 | Apple iOS/iPadOS protection mechanism (Nessus ID 210137)
vuldb.com2025-03-02
CVE-2024-44296 | Apple iOS/iPadOS protection mechanism (Nessus ID 210137) | A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS. Affected by this issue is some unknown functionality. The manipulation leads to protection mechanism failure. This vulnerability is handled as CVE-2024-44296. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com
rss
forum
news
CVE-2024-44296 | Apple tvOS protection mechanism (Nessus ID 210137)
vuldb.com2025-03-02
CVE-2024-44296 | Apple tvOS protection mechanism (Nessus ID 210137) | A vulnerability, which was classified as problematic, was found in Apple tvOS. This affects an unknown part. The manipulation leads to protection mechanism failure. This vulnerability is uniquely identified as CVE-2024-44296. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com
rss
forum
news
Apple visionOS 2.1 Released with Fix for Multiple Security Vulnerabilities - CybersecurityNews
2024-10-29
Apple visionOS 2.1 Released with Fix for Multiple Security Vulnerabilities - CybersecurityNews | News Content: Apple has recently rolled out the visionOS 2.1 update for its Apple Vision Pro mixed reality headset, addressing many critical security vulnerabilities that could have significant implications for user privacy and device integrity. The update includes fixes for over 25 security issues that could allow malicious actors to execute arbitrary code, access sensitive data, or cause system crashes. Among the most significant vulnerabilities patched is a kernel memory corruption issue that could enable apps to cause unexpected system termination or corrupt kernel memory. The update also addresses
google.com
rss
forum
news
Apple Vision Pro Vulnerabilities Addressed in visionOS 2.1 - The Cyber Express
2024-10-29
Apple Vision Pro Vulnerabilities Addressed in visionOS 2.1 - The Cyber Express | News Content: Apple has launched the highly anticipated visionOS 2.1 update for its innovative mixed reality headset, the Apple Vision Pro. This update is particularly important as it addresses a range of Apple Vision Pro vulnerabilities that could pose serious risks to user privacy and device security. The visionOS 2.1 update incorporates solutions for over 25 identified security flaws, some of which could allow malicious actors to execute arbitrary code, access sensitive information, or even crash the system. Among the most alarming vulnerabilities fixed is a kernel memory corruption
google.com
rss
forum
news

Social Media

Two vulnerabilities now patched of Safari and WebKit iOS 18.1 📌 CVE-2024-44259: Trust relationship misuse to download malicious content. 📌 CVE-2024-44296: Bypass of Content Security Policy (CSP) enforcement via malicious web content. Thanks to @Apple Security for their swift https://t.co/n54OMCYvOu
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppApplesafari
OSAppleiphone_os
OSApplewatchos
OSApplemacos
OSAppleipados
OSAppletvos
OSApplevisionos

References

ReferenceLink
[email protected]https://support.apple.com/en-us/121563
[email protected]https://support.apple.com/en-us/121565
[email protected]https://support.apple.com/en-us/121566
[email protected]https://support.apple.com/en-us/121567
[email protected]https://support.apple.com/en-us/121569
[email protected]https://support.apple.com/en-us/121563
[email protected]https://support.apple.com/en-us/121564
[email protected]https://support.apple.com/en-us/121565
[email protected]https://support.apple.com/en-us/121566
[email protected]https://support.apple.com/en-us/121567
[email protected]https://support.apple.com/en-us/121569
[email protected]https://support.apple.com/en-us/121571

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence