The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2024/Jul/15 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Jul/18 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Jul/19 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Jul/20 | Mailing List Third Party Advisory |
https://support.apple.com/en-us/HT214118 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/HT214119 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/HT214120 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/HT214121 | Release Notes Vendor Advisory |
https://support.apple.com/kb/HT214121 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Aug 2024, 17:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1021 | |
CPE | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
|
References | () http://seclists.org/fulldisclosure/2024/Jul/15 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Jul/18 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Jul/19 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2024/Jul/20 - Mailing List, Third Party Advisory | |
References | () https://support.apple.com/en-us/HT214118 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/HT214119 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/HT214120 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/HT214121 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/kb/HT214121 - Release Notes, Vendor Advisory | |
First Time |
Apple
Apple safari Apple macos |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
30 Jul 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Jul 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jul 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jul 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jul 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-29 23:15
Updated : 2024-08-15 17:10
NVD link : CVE-2024-40817
Mitre link : CVE-2024-40817
CVE.ORG link : CVE-2024-40817
JSON object : View
Products Affected
apple
- macos
- safari
CWE
CWE-1021
Improper Restriction of Rendered UI Layers or Frames