Safari Addresses Cookie Management Issue, Patches Cross-Site Scripting Flaw
CVE-2024-44309
Key Information
- Vendor: Apple
- Affected products: Mac OS, Visionos, iPhone OS, Safari
- CVE Published: 20 November 2024
What is CVE-2024-44309?
CVE-2024-44309 is a significant vulnerability in Apple's Safari browser, which ships on Macs, iPhones, and iPads. It concerns the way the browser manages cookies: if exploited, it allows malicious web content to mount cross-site scripting (XSS) attacks. Such attacks compromise data integrity and user privacy, potentially letting attackers read sensitive information, manipulate web sessions, or deliver further malicious payloads.
Technical Details
This vulnerability stems from inadequate state management of cookies in Safari. It has been addressed in updates to Safari (version 18.1.1), iOS (17.7.2 and 18.1.1), and macOS (Sequoia 15.1.1). Processing maliciously crafted web content can trigger XSS, resulting in unauthorized actions being executed on behalf of an unsuspecting user. Apple has acknowledged that the issue may have been actively exploited, particularly on Intel-based Mac systems, so users should apply the available security updates promptly.
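Because the only mitigation the advisory gives is updating, the practical task for a defender is to find devices still below the fixed versions. The following is an added example (not Apple's code or the page's) of a small inventory triage helper: it encodes the fixed versions the text lists (Safari 18.1.1, iOS 17.7.2 and 18.1.1, macOS 15.1.1) and reports each device as patched, vulnerable, or unknown. Release lines the text does not mention (macOS 14, visionOS, iPadOS) are deliberately reported as unknown rather than guessed. The host names and versions in the sample inventory are constructed.

```python
"""Patch-status triage for CVE-2024-44309 (added example, not vendor code).

Fixed versions come from the advisory text only; any product or release line
not listed there is reported as "unknown" instead of being guessed.
"""

# Minimum fixed version per product and per major release line (from the text).
# iOS has two branches: 17.x fixed in 17.7.2, 18.x fixed in 18.1.1.
FIXED = {
    "safari": {18: (18, 1, 1)},
    "ios": {17: (17, 7, 2), 18: (18, 1, 1)},
    "macos": {15: (15, 1, 1)},
}


def parse_version(text):
    """Turn '18.1' or '18.1.1' into a comparable 3-tuple of ints ('18.1' -> (18, 1, 0))."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 3:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def patch_status(product, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one product/version pair."""
    lines = FIXED.get(product.lower())
    if lines is None:
        return "unknown"          # product not covered by the advisory text
    v = parse_version(version)
    fixed = lines.get(v[0])       # pick the release line by major version
    if fixed is None:
        return "unknown"          # e.g. macOS 14: the text gives no fixed build
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory):
    """Map each (host, product, version) row to its patch status; returns {host: status}."""
    return {host: patch_status(product, version) for host, product, version in inventory}


# Constructed sample inventory (hypothetical hosts and versions), not real data.
SAMPLE_INVENTORY = [
    ("mac-01", "macos", "15.1"),
    ("mac-02", "macos", "15.1.1"),
    ("mac-03", "macos", "14.7.1"),
    ("phone-01", "ios", "17.7.1"),
    ("phone-02", "ios", "18.1.1"),
    ("mac-04", "safari", "18.0.1"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Feed it the output of whatever inventory source you already have (an MDM export, `sw_vers` on macOS); the point is that the comparison is done on numeric tuples, so "15.1" correctly sorts below "15.1.1", and that silence in the advisory is surfaced as "unknown" rather than silently treated as safe.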
Potential impact of CVE-2024-44309
- Data Breach Risk: The vulnerability opens the door for attackers to execute XSS attacks, which can lead to the theft of sensitive user data, including authentication tokens, personal information, and financial details, posing a significant risk to user privacy and data confidentiality.
- Session Hijacking: Malicious actors can exploit this vulnerability to hijack user sessions, enabling them to impersonate the user on various web applications and services. This can facilitate unauthorized transactions or access to restricted areas of accounts, leading to further exploitation.
- Propagation of Malware: By leveraging XSS, attackers could potentially deliver malware to users' systems, increasing the likelihood of widespread infection. This not only impacts the individual user but can also pose risks to organizational networks if exploited within corporate environments.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-44309 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
News Articles
- CISA Warns of Apple & Oracle Agile Vulnerabilities Exploited in Wild: CISA has issued an urgent advisory regarding three critical vulnerabilities affecting Apple and Oracle products. (1 month ago)
- Apple warns 2 macOS zero-day vulnerabilities under attack | TechTarget: Apple published a security update with limited details on zero-day vulnerabilities CVE-2024-44308 and CVE-2024-44309 in macOS Sequoia. (1 month ago)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) - Help Net Security: Apple has released security updates for macOS Sequoia that fix two exploited zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308). (1 month ago)
Timeline
- CISA Reported
- Used in Ransomware
- Exploit known to exist
- First article discovered by Help Net Security
- Vulnerability published