21 matches found
CVE-2024-44155
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy...
CVE-2025-24180
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix...
SUSE CVE-2024-44192
The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash...
DEBIAN-CVE-2024-44192
The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2024-54479
The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2024-44155
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy...
CVE-2024-44155
CVE-2024-44155 affects Apple Safari and related OS components via a custom URL scheme handling issue. The root cause is improved input validation, addressing a vulnerability that could allow malicious web content to violate the iframe sandboxing policy. Public details indicate the fix is applied ...
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin...
CVE-2024-40866
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing...
CVE-2024-40866
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing...
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...
CVE-2024-44187
Summary of CVE-2024-44187 (Cross-origin iframe data exfiltration) A cross-origin issue existed involving iframe elements in WebKitGTK/WebKit2GTK, allowing a malicious site to exfiltrate data across origins. The root cause is stated as inadequate tracking of security origins for iframes. Affected ...
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...
CVE-2024-40857
This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting...
CVE-2024-40857
CVE-2024-40857 affects Apple platforms using WebKit: a web content processing flaw that could lead to universal cross-site scripting. The issue was addressed through improved state management and is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18, and tvOS 18 per t...
CVE-2024-40857
This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting...
CVE-2024-40866
CVE-2024-40866 affects WebKitGTK/WebKit2GTK. Visiting a malicious website may lead to address bar spoofing. Public advisories confirm fixes via package updates across distros: Debian (2.46.0-2~deb12u1 for bookworm; newer LTS entries exist), AlmaLinux 8/9 webkit2gtk3 advisories, Fedora package-ann...
CVE-2024-40866
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing...
CVE-2024-40866
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing...