CVE-2024-44155: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1,...

0.0 CVSS

Description

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.

Classification

CVE ID: CVE-2024-44155

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Apple

Product: macOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 25.18% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121567
https://support.apple.com/en-us/121250
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121241

Timeline

2024-12-06 00:32:08 UTC
CVE

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1,...