PT-2024-29120 · Apple+9 · Safari+10

Hafiizh

Published

2024-09-16

Updated

2025-11-25

CVE-2024-40866

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Safari versions prior to 18 macOS versions prior to Sequoia 15

Description The issue was addressed with improved UI. Visiting a malicious website may lead to address bar spoofing.

Recommendations For Safari versions prior to 18, update to Safari 18 to resolve the issue. For macOS versions prior to Sequoia 15, update to macOS Sequoia 15 to resolve the issue.

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

ALSA-2024:8180

ALSA-2024:9553

ALSA-2024:9636

BDU:2025-04176

CESA-2024_9636

CVE-2024-40866

DLA-3961-1

DSA-5792-1

INFSA-2024_8180

INFSA-2024_9553

INFSA-2024_9636

MGASA-2025-0313

OPENSUSE-SU-2024_3752-1

OPENSUSE-SU-2024_3869-1

OPENSUSE-SU-2024_4084-1

OPENSUSE-SU-2025_0043-1

OPENSUSE-SU-2025_0096-1

RHSA-2024:8180

RHSA-2024:9553

RHSA-2024:9636

RHSA-2024_8180

RHSA-2024_9553

RHSA-2024_9636

RHSA-2025:10364

RLSA-2024:8180

RLSA-2024:9636

SUSE-SU-2024:3751-1

SUSE-SU-2024:3752-1

SUSE-SU-2024:3869-1

SUSE-SU-2024:3870-1

SUSE-SU-2024:4084-1

SUSE-SU-2024_4084-1

SUSE-SU-2025:0043-1

SUSE-SU-2025:0096-1

SUSE-SU-2025:0104-1

USN-7079-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Safari

Suse

Ubuntu

PT-2024-29120 · Apple+9 · Safari+10

CVE-2024-40866

Weakness Enumeration

Related Identifiers

Affected Products

References · 146