Lucene search

[email protected]NVD:CVE-2024-40817

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40817

2024-07-2923:15:13

CWE-1021

[email protected]

web.nvd.nist.gov

ui handling

macos sonoma

safari 17.6

macos monterey

macos ventura

ui spoofing

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.0%

JSON

The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.

Affected configurations

Nvd

Node

applesafariRange<17.6

applemacosRange12.0–12.7.6

applemacosRange13.0–13.6.8

applemacosRange14.0–14.6

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::

References

seclists.org/fulldisclosure/2024/Jul/15

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/19

seclists.org/fulldisclosure/2024/Jul/20

support.apple.com/en-us/HT214118

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214120

support.apple.com/en-us/HT214121

support.apple.com/kb/HT214121

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.0%

JSON

Related for NVD:CVE-2024-40817

cvelist1 vulnrichment1 cve1 apple4 openvas4 nessus5