Description
A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
References (15)
Core References
Vendor Advisory: https://support.apple.com/en-us/HT214055
Vendor Advisory: https://support.apple.com/en-us/HT214056
Vendor Advisory: https://support.apple.com/en-us/HT214059
Vendor Advisory: https://support.apple.com/en-us/HT214060
Vendor Advisory: https://support.apple.com/en-us/HT214061
Vendor Advisory: https://support.apple.com/kb/HT214055
Vendor Advisory: https://support.apple.com/kb/HT214056
Vendor Advisory: https://support.apple.com/kb/HT214059
Vendor Advisory: https://support.apple.com/kb/HT214060
Vendor Advisory: https://support.apple.com/kb/HT214061
Scores
CVSS v3: 6.5
EPSS: 0.0009
EPSS Percentile: 26.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-284
Status: published
Products (11)
Apple/iOS and iPadOS: < 17.3
apple/ipados: < 17.3
apple/iphone_os: < 17.3
Apple/macOS: < 14.3
apple/macos: 14.0 - 14.3
apple/safari: < 17.3
Apple/Safari: < 17.3
apple/tvos: < 17.3
Apple/tvOS: < 17.3
apple/watchos: < 10.3
... and 1 more
Published: Apr 24, 2024
Tracked Since: Feb 18, 2026