PT-2024-31020 · Apple+9 · Visionos+16
Narendra Bhati
·
Published
2024-09-16
·
Updated
2025-11-25
·
CVE-2024-44187
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Safari version 18
visionOS version 2
watchOS version 11
macOS Sequoia version 15
iOS version 18
iPadOS version 18
tvOS version 18
Description
A cross-origin issue existed with
iframe elements, allowing a malicious website to exfiltrate data cross-origin. This issue was addressed with improved tracking of security origins.Recommendations
For Safari version 18, no additional action is required as the issue is fixed.
For visionOS version 2, no additional action is required as the issue is fixed.
For watchOS version 11, no additional action is required as the issue is fixed.
For macOS Sequoia version 15, no additional action is required as the issue is fixed.
For iOS version 18, no additional action is required as the issue is fixed.
For iPadOS version 18, no additional action is required as the issue is fixed.
For tvOS version 18, no additional action is required as the issue is fixed.
As a temporary workaround for older versions, consider disabling the use of
iframe elements until a patch is available.Fix
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Ios
Ipados
Macos Sequoia
Tvos
Visionos
Watchos