A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
History

Thu, 17 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Thu, 26 Sep 2024 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

Important

threat_severity

Moderate


Wed, 25 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
Title webkitgtk: A malicious website may exfiltrate data cross-origin
References
Metrics threat_severity

None

threat_severity

Important


Wed, 25 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos
Weaknesses CWE-346
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


Tue, 17 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Sep 2024 23:30:00 +0000

Type Values Removed Values Added
Description A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-09-16T23:23:16.230Z

Updated: 2024-09-17T13:46:52.600Z

Reserved: 2024-08-20T21:42:05.933Z

Link: CVE-2024-44187

cve-icon Vulnrichment

Updated: 2024-09-17T13:46:45.960Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-17T00:15:52.037

Modified: 2024-09-25T13:25:52.043

Link: CVE-2024-44187

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-25T00:00:00Z

Links: CVE-2024-44187 - Bugzilla