OpenCVE

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Safari Tvos Visionos Watchos
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.46.3-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:9636	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.46.1-2.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:8180	2024-10-16T00:00:00Z
webkit2gtk3-0:2.46.3-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9553	2024-11-13T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-44187
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121241
https://support.apple.com/en-us/121248
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
https://webkitgtk.org/security/WSA-2024-0005.html
https://www.cve.org/CVERecord?id=CVE-2024-44187

History

Sat, 16 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Thu, 17 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Thu, 26 Sep 2024 02:15:00 +0000

Type	Values Removed	Values Added
References		https://webkitgtk.org/security/WSA-2024-0005.html
Metrics	threat_severity `Important`	threat_severity `Moderate`

Wed, 25 Sep 2024 19:45:00 +0000

Type	Values Removed	Values Added
Title		webkitgtk: A malicious website may exfiltrate data cross-origin
References		https://nvd.nist.gov/vuln/detail/CVE-2024-44187 https://www.cve.org/CVERecord?id=CVE-2024-44187
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 25 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple safari Apple tvos Apple visionos Apple watchos
Weaknesses		CWE-346
CPEs		cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple safari Apple tvos Apple visionos Apple watchos
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}`

Tue, 17 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Sep 2024 23:30:00 +0000

Type	Values Removed	Values Added
Description		A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References		https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121240 https://support.apple.com/en-us/121241 https://support.apple.com/en-us/121248 https://support.apple.com/en-us/121249 https://support.apple.com/en-us/121250

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-09-16T23:23:16.230Z

Updated: 2024-09-17T13:46:52.600Z

Reserved: 2024-08-20T21:42:05.933Z

Link: CVE-2024-44187

Vulnrichment

Updated: 2024-09-17T13:46:45.960Z

NVD

Status : Analyzed

Published: 2024-09-17T00:15:52.037

Modified: 2024-09-25T13:25:52.043

Link: CVE-2024-44187

Redhat

Severity : Moderate

Publid Date: 2024-09-25T00:00:00Z

Links: CVE-2024-44187 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object