Back

CVE-2024-44187

Sept. 17, 2024, 12:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

iOS

  • 18

iPadOS

  • 18

watchOS

  • 11

tvOS

  • 18

Safari

  • 18

macOS

  • Sequoia 15

Source

product-security@apple.com

Tags

product-security@apple.com
2024-09-17
CVE-2024-44187

CVE-2024-44187 details

Published : Sept. 17, 2024, 12:15 a.m.
Last Modified : Sept. 17, 2024, 12:15 a.m.

Description

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://support.apple.com/en-us/121238 product-security@apple.com
https://support.apple.com/en-us/121240 product-security@apple.com
https://support.apple.com/en-us/121241 product-security@apple.com
https://support.apple.com/en-us/121248 product-security@apple.com
https://support.apple.com/en-us/121249 product-security@apple.com
https://support.apple.com/en-us/121250 product-security@apple.com
This website uses the NVD API, but is not approved or certified by it.