CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
Link Resource
https://support.apple.com/en-us/121238 Release Notes Vendor Advisory
https://support.apple.com/en-us/121240 Release Notes Vendor Advisory
https://support.apple.com/en-us/121241 Release Notes Vendor Advisory
https://support.apple.com/en-us/121248 Release Notes Vendor Advisory
https://support.apple.com/en-us/121249 Release Notes Vendor Advisory
https://support.apple.com/en-us/121250 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

History

25 Sep 2024, 13:25

Type Values Removed Values Added
CWE CWE-346
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/121238 - () https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121240 - () https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121241 - () https://support.apple.com/en-us/121241 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121248 - () https://support.apple.com/en-us/121248 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121249 - () https://support.apple.com/en-us/121249 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121250 - () https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory
First Time Apple watchos
Apple macos
Apple iphone Os
Apple
Apple ipados
Apple safari
Apple tvos
Apple visionos
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

20 Sep 2024, 12:31

Type Values Removed Values Added
Summary
  • (es) Existía un problema de origen cruzado con los elementos "iframe". Esto se solucionó mejorando el seguimiento de los orígenes de seguridad. Este problema se solucionó en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. Un sitio web malicioso puede filtrar datos de origen cruzado.

17 Sep 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 00:15

Updated : 2024-09-25 13:25


NVD link : CVE-2024-44187

Mitre link : CVE-2024-44187

CVE.ORG link : CVE-2024-44187


JSON object : View

Products Affected

apple

  • macos
  • ipados
  • safari
  • visionos
  • watchos
  • iphone_os
  • tvos
CWE
CWE-346

Origin Validation Error