Apple Addresses Issue with URL Protocol Handling
CVE-2024-44206

9.3CRITICAL

Key Information:

Vendor: Apple
Status: Watch OS; Mac OS; Safari; iOS And iPad OS
Vendor: CVE Published:; 24 October 2024

Summary

An issue exists in URL protocol handling that may lead to the circumvention of web content restrictions in certain Apple products. This vulnerability has been addressed with improved logic in recent versions of tvOS, visionOS, Safari, watchOS, iOS, iPadOS, and macOS. Users are encouraged to update their devices to the latest software versions to mitigate potential risks associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 17.6

macOS < 14.6

Safari < 17.6

References

https://support.apple.com/en-us/120916

https://support.apple.com/en-us/120911

https://support.apple.com/en-us/120913

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 24, 2024
Vulnerability Reserved
Aug 20, 2024