CVE-2024-44244: 
Apple Safari vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2024-44244) was discovered in WebKit, affecting multiple Apple operating systems. The issue was disclosed and patched in October 2024, affecting iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, and Safari 18.1. The vulnerability was discovered by an anonymous researcher, Q1IQ (@q1iqF) and P1umer (@p1umer) (Apple Security).

The vulnerability is classified as a memory corruption issue in WebKit (WebKit Bugzilla: 279780) that occurs when processing maliciously crafted web content. The issue was addressed with improved input validation. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L, indicating it is network accessible, requires low attack complexity, and needs user interaction (NVD).

When exploited, this vulnerability can lead to an unexpected process crash when processing maliciously crafted web content. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity of the system (Apple Security).

Apple has addressed this vulnerability by implementing improved input validation in the affected systems. Users are advised to update to the following versions: iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, or Safari 18.1, depending on their device (Apple Security).