A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References
Link | Resource |
---|---|
https://support.apple.com/en-us/121238 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121240 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121241 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121248 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121249 | Release Notes Vendor Advisory |
https://support.apple.com/en-us/121250 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Sep 2024, 13:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-346 | |
CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
|
References | () https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121241 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121248 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121249 - Release Notes, Vendor Advisory | |
References | () https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory | |
First Time |
Apple watchos
Apple macos Apple iphone Os Apple Apple ipados Apple safari Apple tvos Apple visionos |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
20 Sep 2024, 12:31
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Sep 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-17 00:15
Updated : 2024-09-25 13:25
NVD link : CVE-2024-44187
Mitre link : CVE-2024-44187
CVE.ORG link : CVE-2024-44187
JSON object : View
Products Affected
apple
- macos
- ipados
- safari
- visionos
- watchos
- iphone_os
- tvos
CWE
CWE-346
Origin Validation Error