Login Sign Up

CVE-2024-44206

9.3 CRITICAL

📋 TL;DR

This vulnerability allows users to bypass web content restrictions through improper URL protocol handling in Apple operating systems and Safari. It affects users running vulnerable versions of tvOS, visionOS, Safari, watchOS, iOS, iPadOS, and macOS. The high CVSS score indicates significant security implications.

💻 Affected Systems

Products:
  • tvOS
  • visionOS
  • Safari
  • watchOS
  • iOS
  • iPadOS
  • macOS Sonoma
Versions: Versions prior to tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6, iPadOS 17.6, macOS Sonoma 14.6
Operating Systems: tvOS, visionOS, watchOS, iOS, iPadOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems and Safari browser are vulnerable.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Safari by Apple

View all CVEs affecting Safari →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could bypass critical web security controls to execute malicious code, access restricted content, or perform unauthorized actions within the browser context.

🟠

Likely Case

Users could circumvent parental controls, content filters, or enterprise web restrictions to access blocked websites or content.

🟢

If Mitigated

With proper patching, the vulnerability is eliminated; with network controls, impact is limited to bypassing local content restrictions only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation likely requires user interaction (visiting a malicious URL) but no authentication. Apple has patched this in multiple systems simultaneously.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6, iPadOS 17.6, macOS Sonoma 14.6

Vendor Advisory: https://support.apple.com/en-us/120909

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Navigate to General > Software Update. 3. Download and install the available update. 4. Restart device when prompted.

🔧 Temporary Workarounds

Use alternative browser

all

Temporarily use Chrome, Firefox, or Edge instead of Safari to avoid the vulnerability.

Enable strict content filtering

all

Configure network or device-level content filtering to block malicious URLs.

🧯 If You Can't Patch

  • Implement network-level URL filtering and web proxy controls
  • Educate users about phishing risks and suspicious URL handling

🔍 How to Verify

Check if Vulnerable:

Check system version in Settings > General > About on Apple devices, or Safari > About Safari on macOS.

Check Version:

On macOS: sw_vers; On iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Confirm system version matches or exceeds patched versions listed in fix_official.patch_version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL protocol handling in web logs
  • Access to typically restricted domains

Network Indicators:

  • HTTP requests bypassing expected content filters
  • Unusual traffic to newly accessible domains

SIEM Query:

web.url CONTAINS 'malicious-protocol:' OR web.action='bypass_restriction'

📊 Metadata

CVE ID: CVE-2024-44206
CVSS v3 Score: 9.3 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Published: October 24, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON