CVE-2024-44206
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apple | Safari | 0 < 17.6 | affected |
| Apple | iOS and iPadOS | 0 < 17.6 | affected |
| Apple | macOS | 0 < 14.6 | affected |
| Apple | tvOS | 0 < 17.6 | affected |
| Apple | visionOS | 0 < 1.3 | affected |
| Apple | watchOS | 0 < 10.6 | affected |
Weaknesses
- A user may be able to bypass some web content restrictions
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://support.apple.com/en-us/120909
- https://support.apple.com/en-us/120911
- https://support.apple.com/en-us/120913
- https://support.apple.com/en-us/120914
- https://support.apple.com/en-us/120915
- https://support.apple.com/en-us/120916
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.