What is the severity of CVE-2024-44155?

CVE-2024-44155 is classified as a high-severity vulnerability due to its potential to violate iframe sandboxing policies.

How do I fix CVE-2024-44155?

To fix CVE-2024-44155, users should update to Safari 18, iOS 17.7.1, iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, or any later versions.

What impact does CVE-2024-44155 have on users?

CVE-2024-44155 can allow maliciously crafted web content to bypass security policies, potentially exposing users to security risks.

Which software versions are affected by CVE-2024-44155?

CVE-2024-44155 affects Safari versions prior to 18.0, iPadOS versions prior to 17.7.1, iPhone OS versions prior to 17.7.1, macOS versions prior to 15.0, and watchOS versions prior to 11.0.

Is there a known exploit for CVE-2024-44155?

As of now, there is no public disclosure of an active exploit specifically targeting CVE-2024-44155.

Vulnerability/
CVE-2024-44155

medium

6.5

CWE

20 362 119 190

16/9/2024

28/10/2024

18/3/2025

CVE-2024-44155: Input Validation

First published: Mon Sep 16 2024(Updated: 4 weeks ago)

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.

Credit: Kirin @Pwnrin Rodolphe Brunetti @eisw0lf CVE-2023-4504 Csaba Fitzl @theevilbit Kandjian anonymous researcher @08Tc3wBB JamfDenis Tokarev @illusionofcha0s Yiğit Can YILMAZ @yilmazcanyigit Mickey Jin @patch1t Junsung Lee dw0r ZeroPointer Lab working with Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeAntonio Zekić Andrew Lytvynov Alexander Heinrich SEEMOO DistriNet KU Leuven @vanhoefm TU Darmstadt @Sn0wfreeze Mathy Vanhoef Jeff Johnson (underpassapp.com) OSS-Fuzz Google Project ZeroNed Williamson Google Project ZeroRodolphe BRUNETTI @eisw0lf Kirin @Pwnrin Fudan UniversityLFY @secsys Fudan UniversityOlivier Levon CVE-2023-5841 Meng Zhang (鲸落) NorthSeaajajfxhj Brian McNulty Computer ScienceCristian Dinca Computer ScienceRomania Vaibhav Prajapati CVE-2024-39894 Wojciech Regula SecuRingRifa'i Rejal Maynando Narendra Bhati Cyber Security at Suma Soft PvtManager Cyber Security at Suma Soft PvtPune (India) Zhongquan Li @Guluisacat Yiğit Can YILMAZ @yilmazcanyigit SecuRingKirin @Pwnrin NorthSea냥냥 Halle Winkler Politepix @hallewinkler Vivek Dhar working as Assistant Sub-Inspector (RM) in Border Security Force (Frontier Headquarter BSF Kashmir) Pedro José Pereira Vieito @pvieito luckyu @uuulucky NorthSeaOm Kothawade the UNTHSC College of PharmacyOmar A. Alanis the UNTHSC College of PharmacyBistrit Dahal Matej Moravec @MacejkoMoravec K宝 LFY @secsys Smi1e yulige Cristian Dinca (icmd.tech) Arsenii Kostromin (0x3c3e) Ron Masas BreakPointJonathan Bar Or @yo_yo_yo_jbo MicrosoftBohdan Stasiuk @Bohdan_Stasiuk CVE-2024-41957 Narendra Bhati Cyber Security At Suma Soft PvtManager Cyber Security At Suma Soft PvtTashita Software Security Ron Masas Hafiizh HakTrakYoKo Kho @yokoacc HakTrakTim Michaud @TimGMichaud MoveworksAntonio Zekic @antoniozekic ant4g0nist Charly Suchanek CVE-2024-44134 Preet Dsouza (Fleming College Computer Security & Investigations Program) Domien Schepers Tim Clem Gergely Kalman @gergely_kalman Koh M. Nakagawa @tsunek0h Pedro Tôrres @t0rr3sp3dr0 CVE-2024-44130 Pwn2car Trend Micro Zero Day InitiativeClaudio Bozzato Cisco TalosFrancesco Benvenuto Cisco TalosHolger Fuhrmannek Anton Boegler Snoolie Keffaber @0xilis Jake Derouin (jakederouin.com) CVE-2024-44129 Kenneth Chew Joshua Keller Lukas Anamika Adhikari Om Kothawade Zaprico DigitalChi Yuan Chang ZUSO ARTtaikosoup Srijan Poudel Justin Cohen Daniele Antonioli Hichem Maloufi Christian Mina Ismail Amzdak Nimrat Khalsa Davis Dai James Gill @infosec.exchange) @jjtech Bing Shi Alibaba GroupWenchao Li Alibaba GroupXiaolong Bai Alibaba Group Indiana University BloomingtonLuyi Xing Indiana University BloomingtonBraylon @softwarescool Ivan Fratric Google Project ZeroHossein Lotfi @hosselot Trend Micro Zero Day InitiativeWang Yu CyberservalJunsung Lee Trend Micro Zero Day InitiativeJex Amro Mateusz Krzywicki @krzywix Tuan D. Hoang Chloe Surett Abhay Kailasia @abhay_kailasia Lakshmi Narain College of Technology Bhopal IndiaRizki Maulana (rmrizki.my.id) Matthew Butler Jake Derouin product-security@apple.com

Affected Software	Affected Version	How to fix
macOS	<15	15
Apple iOS, iPadOS, and watchOS	<11	11
Safari	<18	18
Apple iOS and iPadOS	<18	18
Apple iOS, iPadOS, and macOS	<18	18
Apple iOS and iPadOS	<17.7.1	17.7.1
Apple iOS, iPadOS, and macOS	<17.7.1	17.7.1
Safari	<18.0
Apple iOS, iPadOS, and macOS	<17.7.1
iPhone OS	<17.7.1
macOS	<15.0
Apple iOS, iPadOS, and watchOS	<11.0

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/121238 (Advisory)
https://support.apple.com/en-us/121567 (Advisory)
https://support.apple.com/en-us/121250 (Advisory)
https://support.apple.com/en-us/121240 (Advisory)
https://support.apple.com/en-us/121241 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-44129
CVE-2024-44153
CVE-2024-44188
CVE-2024-40792
CVE-2024-40825
CVE-2024-44130
CVE-2024-44182
CVE-2024-44154
CVE-2024-40845
CVE-2024-40846
CVE-2024-44164
CVE-2024-40837
CVE-2024-40847
CVE-2024-40848
CVE-2024-44168
CVE-2024-27860
CVE-2024-27861
CVE-2024-40841
CVE-2024-27795
CVE-2024-44135
CVE-2024-44132
CVE-2024-44126
CVE-2024-44128
CVE-2024-44151
CVE-2024-27876
CVE-2024-44172
CVE-2024-27869
CVE-2024-27875
CVE-2024-44146
CVE-2024-27849
CVE-2023-4504
CVE-2024-40855
CVE-2024-44148
CVE-2024-44177
CVE-2024-54469
CVE-2024-44131
CVE-2024-40850
CVE-2024-54463
CVE-2024-40831
CVE-2024-27880
CVE-2024-44176
CVE-2024-40861
CVE-2024-44160
CVE-2024-44161
CVE-2024-44169
CVE-2024-44165
CVE-2024-44175
CVE-2024-44191
CVE-2024-54560
CVE-2024-44122
CVE-2024-44198
CVE-2024-40791
CVE-2024-54473
CVE-2024-44181
CVE-2024-44183
CVE-2023-5841
CVE-2024-27858
CVE-2024-44167
CVE-2024-40838
CVE-2024-44186
CVE-2024-39894
CVE-2024-44178
CVE-2024-40826
CVE-2024-44149
CVE-2024-40797
CVE-2024-44155
CVE-2024-44125
CVE-2024-44163
CVE-2024-44203
CVE-2024-44144
CVE-2024-44137
CVE-2024-44174
CVE-2024-44123
CVE-2024-40801
CVE-2024-44158
CVE-2024-40844
CVE-2024-44145
CVE-2024-44179
CVE-2024-44170
CVE-2024-40860
CVE-2024-44152
CVE-2024-44166
CVE-2024-44190
CVE-2024-54558
CVE-2024-44133
CVE-2024-44184
CVE-2024-40859
CVE-2024-41957
CVE-2024-54467
CVE-2024-44192
CVE-2024-40857
CVE-2024-40866
CVE-2024-44187
CVE-2024-44227
CVE-2024-54546
CVE-2024-40770
CVE-2024-23237
CVE-2024-44134
CVE-2024-40856
CVE-2024-44189
CVE-2024-44208
CVE-2024-40842
CVE-2024-40843
CVE-2024-44171
CVE-2024-44202
CVE-2024-40840
CVE-2024-40830
CVE-2024-40852
CVE-2024-27874
CVE-2024-44124
CVE-2024-44147
CVE-2024-44217
CVE-2024-44127
CVE-2024-40863
CVE-2024-40853
CVE-2024-44139
CVE-2024-44180
CVE-2024-27879
CVE-2024-44274
CVE-2024-44232
CVE-2024-44233
CVE-2024-44234
CVE-2024-44240
CVE-2024-44302
CVE-2024-44282
CVE-2024-40854
CVE-2024-44215
CVE-2024-44297
CVE-2024-44239
CVE-2024-44258
CVE-2024-44252
CVE-2024-44259
CVE-2024-44218
CVE-2024-54538
CVE-2024-44269
CVE-2024-54470
CVE-2024-44278
CVE-2024-44261
CVE-2024-44296

Frequently Asked Questions

What is the severity of CVE-2024-44155?
CVE-2024-44155 is classified as a high-severity vulnerability due to its potential to violate iframe sandboxing policies.
How do I fix CVE-2024-44155?
To fix CVE-2024-44155, users should update to Safari 18, iOS 17.7.1, iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, or any later versions.
What impact does CVE-2024-44155 have on users?
CVE-2024-44155 can allow maliciously crafted web content to bypass security policies, potentially exposing users to security risks.
Which software versions are affected by CVE-2024-44155?
CVE-2024-44155 affects Safari versions prior to 18.0, iPadOS versions prior to 17.7.1, iPhone OS versions prior to 17.7.1, macOS versions prior to 15.0, and watchOS versions prior to 11.0.
Is there a known exploit for CVE-2024-44155?
As of now, there is no public disclosure of an active exploit specifically targeting CVE-2024-44155.

agent/references
agent/type
agent/severity
agent/weakness
agent/last-modified-date
agent/source
agent/description
agent/first-publish-date
agent/event
agent/author
agent/softwarecombine
agent/tags
collector/apple-support
source/Apple
alias/CVE-2023-4504
alias/CVE-2024-40855
alias/CVE-2024-44148
alias/CVE-2024-44177
alias/CVE-2024-54469
alias/CVE-2024-44131
alias/CVE-2024-40850
alias/CVE-2024-54463
alias/CVE-2024-40831
alias/CVE-2024-27880
alias/CVE-2024-44176
alias/CVE-2024-40861
alias/CVE-2024-44160
alias/CVE-2024-44161
alias/CVE-2024-44169
alias/CVE-2024-44165
alias/CVE-2024-44175
alias/CVE-2024-44191
alias/CVE-2024-54560
alias/CVE-2024-44122
alias/CVE-2024-44198
alias/CVE-2024-40791
alias/CVE-2024-54473
alias/CVE-2024-44181
alias/CVE-2024-44183
alias/CVE-2023-5841
alias/CVE-2024-27858
alias/CVE-2024-44167
alias/CVE-2024-40838
alias/CVE-2024-44186
alias/CVE-2024-39894
alias/CVE-2024-44178
alias/CVE-2024-40826
alias/CVE-2024-44149
alias/CVE-2024-40797
alias/CVE-2024-44155
alias/CVE-2024-44125
alias/CVE-2024-44163
alias/CVE-2024-44203
alias/CVE-2024-44144
alias/CVE-2024-44137
alias/CVE-2024-44174
alias/CVE-2024-44123
alias/CVE-2024-40801
alias/CVE-2024-40837
alias/CVE-2024-44158
alias/CVE-2024-40844
alias/CVE-2024-44145
alias/CVE-2024-44179
alias/CVE-2024-44170
alias/CVE-2024-40860
alias/CVE-2024-44152
alias/CVE-2024-44166
alias/CVE-2024-44190
alias/CVE-2024-54558
alias/CVE-2024-44133
alias/CVE-2024-44184
alias/CVE-2024-40859
alias/CVE-2024-41957
alias/CVE-2024-54467
alias/CVE-2024-44192
alias/CVE-2024-40857
alias/CVE-2024-40866
alias/CVE-2024-44187
alias/CVE-2024-44227
alias/CVE-2024-54546
alias/CVE-2024-40770
alias/CVE-2024-23237
alias/CVE-2024-44134
alias/CVE-2024-40856
alias/CVE-2024-44189
alias/CVE-2024-44208
alias/CVE-2024-40842
alias/CVE-2024-40843
alias/CVE-2024-27875
alias/CVE-2024-44146
alias/CVE-2024-27849
agent/software-canonical-lookup
alias/CVE-2024-27869
alias/CVE-2024-40792
alias/CVE-2024-40825
alias/CVE-2024-44130
alias/CVE-2024-44182
alias/CVE-2024-44154
alias/CVE-2024-40845
alias/CVE-2024-40846
alias/CVE-2024-44164
alias/CVE-2024-40847
alias/CVE-2024-40848
alias/CVE-2024-44168
alias/CVE-2024-27860
alias/CVE-2024-27861
alias/CVE-2024-40841
alias/CVE-2024-27795
alias/CVE-2024-44135
alias/CVE-2024-44132
alias/CVE-2024-44126
alias/CVE-2024-44128
alias/CVE-2024-44151
alias/CVE-2024-27876
alias/CVE-2024-44172
alias/CVE-2024-44188
alias/CVE-2024-44153
collector/mitre-cve
source/MITRE
alias/CVE-2024-44202
agent/software-canonical-lookup-request
alias/CVE-2024-44147
alias/CVE-2024-44217
alias/CVE-2024-44127
alias/CVE-2024-40863
alias/CVE-2024-40853
alias/CVE-2024-44139
alias/CVE-2024-44180
alias/CVE-2024-27879
alias/CVE-2024-44124
alias/CVE-2024-44252
alias/CVE-2024-44259
alias/CVE-2024-44218
alias/CVE-2024-54538
alias/CVE-2024-44269
alias/CVE-2024-54470
alias/CVE-2024-44278
alias/CVE-2024-44261
alias/CVE-2024-44296
alias/CVE-2024-44233
alias/CVE-2024-44234
alias/CVE-2024-44240
alias/CVE-2024-44302
alias/CVE-2024-44282
alias/CVE-2024-40854
alias/CVE-2024-44215
alias/CVE-2024-44297
alias/CVE-2024-44239
alias/CVE-2024-44258
alias/CVE-2024-44171
alias/CVE-2024-40852
alias/CVE-2024-27874
alias/CVE-2024-40830
alias/CVE-2024-44232
collector/nvd-api
source/NVD
vendor/apple
canonical/macos
canonical/apple ios, ipados, and watchos
canonical/safari
canonical/apple ios and ipados
canonical/apple ios, ipados, and macos
canonical/iphone os