CVE-2024-44296: 
Apple Safari vulnerability analysis and mitigation

CVE-2024-44296 is a security vulnerability affecting multiple Apple operating systems and Safari browser, discovered in October 2024. The vulnerability allows processing of maliciously crafted web content that may prevent Content Security Policy from being enforced. The affected systems include tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, and Safari 18.1 (Apple Support).

The vulnerability is tracked with WebKit Bugzilla ID 278765 and has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. The issue involves the processing of maliciously crafted web content that could bypass Content Security Policy enforcement mechanisms. The vulnerability was addressed with improved checks in the affected systems (NVD).

The vulnerability could allow attackers to bypass Content Security Policy (CSP) enforcement when processing maliciously crafted web content. This could potentially lead to security policy violations and compromise the intended security boundaries set by the CSP (Apple Support).

Apple has addressed this vulnerability by implementing improved checks in the affected systems. The fix is available in the following updates: tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, and Safari 18.1. Users are advised to update their systems to these versions to mitigate the vulnerability (Apple Support).