diff --git a/security/2024-11-27-security-advisory-2024-0007.md b/security/2024-11-27-security-advisory-2024-0007.md new file mode 100644 index 000000000..be44f4524 --- /dev/null +++ b/security/2024-11-27-security-advisory-2024-0007.md @@ -0,0 +1,40 @@ +--- +layout: post +title: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0007 +permalink: /security/WSA-2024-0007.html +tags: WSA +--- + +* Date Reported: **November 27, 2024** + +* Advisory ID: **WSA-2024-0007** + +* CVE identifiers: [CVE-2024-44308](#CVE-2024-44308), [CVE-2024-44309](#CVE-2024-44309) + + +Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. + +* CVE-2024-44308 + * Versions affected: WebKitGTK and WPE WebKit before 2.46.4. + * Credit to Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group. + * Impact: Processing maliciously crafted web content may lead to arbitrary code + execution. Apple is aware of a report that this issue may have been actively exploited + on Intel-based Mac systems. Description: The issue was addressed with improved checks. + * WebKit Bugzilla: 283063 + +* CVE-2024-44309 + * Versions affected: WebKitGTK and WPE WebKit before 2.46.4. + * Credit to Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group. + * Impact: Processing maliciously crafted web content may lead to a cross site scripting + attack. Apple is aware of a report that this issue may have been actively exploited on + Intel-based Mac systems. Description: A cookie management issue was addressed with + improved state management. + * WebKit Bugzilla: 283095 + +We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the +best way to ensure that you are running safe versions of WebKit. Please check our websites +for information about the latest stable releases. + +Further information about WebKitGTK and WPE WebKit security advisories can be found at: +[webkitgtk.org/security.html](https://webkitgtk.org/security.html) or +[wpewebkit.org/security](https://wpewebkit.org/security).