CVE-2024-44308: 
Apple Safari vulnerability analysis and mitigation

CVE-2024-44308 is a critical security vulnerability affecting Apple's WebKit engine that was disclosed on November 19, 2024. The vulnerability impacts multiple Apple products including Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1. The issue involves processing maliciously crafted web content that could lead to arbitrary code execution (Apple Advisory).

The vulnerability exists in the JavaScriptCore component of WebKit and was addressed with improved checks (WebKit Bugzilla: 283063). It has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network attack vector, low attack complexity, no privileges required, and user interaction required (NVD).

The vulnerability allows attackers to execute arbitrary code through maliciously crafted web content. Apple has confirmed that this issue has been actively exploited on Intel-based Mac systems, making it a zero-day vulnerability (Apple Advisory, NVD).

Apple has released security updates to address this vulnerability across multiple platforms. Users should update to Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, or visionOS 2.1.1 as appropriate for their devices (Apple Advisory).

The vulnerability was discovered and reported by Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group, highlighting ongoing security research collaboration between major technology companies (Apple Advisory).