iOS/iPadOS 17.7.2 Security Update: JavaScriptCore RCE and WebKit XSS Fixes (CVE-2024-44308/44309)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. iOS 17.7.2 and iPadOS 17.7.2: - Release Date: November 19, 2024 - Affected Devices: iPhone XS and later models, iPad Pro 13-inch and later models, iPad Pro 12.9-inch 2nd generation and later models, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later models, iPad Air 3rd generation and later models, iPad 6th generation and later models, and iPad mini 5th generation and later models. 2. JavaScriptCore: - Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware that this issue may be actively exploited on Intel-based Mac systems. - Description: The issue was resolved by improving checks. - CVE-2024-44308: Reported by Clement Lecigne and Benoit Sevens from Google’s Threat Analysis Group. 3. WebKit: - Impact: Processing maliciously crafted web content may lead to cross-site scripting attacks. Apple is aware that this issue may be actively exploited on Intel-based Mac systems. - Description: A cookie management issue was resolved by improving state management. - CVE-2024-44309: Reported by Clement Lecigne and Benoit Sevens from Google’s Threat Analysis Group. 4. Disclaimer: - Information regarding products not manufactured by Apple or independent websites not controlled or tested by Apple is not recommended or endorsed by Apple. Apple is not responsible for the selection, performance, or use of third-party websites or products. For more information, contact the supplier. This information provides a detailed description of the security updates in iOS 17.7.2 and iPadOS 17.7.2, including affected devices, vulnerability impacts, descriptions, and associated CVE numbers.

Goal Reached Thanks to every supporter — we hit 100%!

iOS/iPadOS 17.7.2 Security Update: JavaScriptCore RCE and WebKit XSS Fixes (CVE-2024-44308/44309)