CVE-2024-44309 is an Apple WebKit XSS zero-day actively exploited in the wild, often chained with CVE-2024-44308. Patch all Apple platforms to November 2024 releases. Intelligence agencies have attributed exploitation to nation-state actors targeting high-value individuals.
Apple WebKit Cross-Site Scripting Vulnerability. Processing maliciously crafted web content may lead to a cross-site scripting attack.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →