A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-08
Updated
2024-04-02
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-08
Updated
2024-04-02
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-03-08
Updated
2024-03-14
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-03-08
Updated
2024-04-02
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-08
Updated
2024-03-13
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-08
Updated
2024-03-13
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.
Max CVSS
3.3
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-02-26
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
N/A
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-02-22
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.35%
Published
2023-02-27
Updated
2023-12-28
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.
Max CVSS
4.3
EPSS Score
0.23%
Published
2022-09-20
Updated
2022-12-08
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.08%
Published
2022-03-18
Updated
2022-03-24
The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.10%
Published
2020-12-08
Updated
2023-01-09
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.08%
Published
2020-12-08
Updated
2020-12-09
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.13%
Published
2020-12-08
Updated
2022-06-02
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.13%
Published
2020-12-08
Updated
2022-06-02
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.
Max CVSS
3.3
EPSS Score
0.04%
Published
2020-10-16
Updated
2020-10-20
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Max CVSS
4.3
EPSS Score
0.43%
Published
2020-10-16
Updated
2023-01-09
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.
Max CVSS
4.3
EPSS Score
0.10%
Published
2020-04-01
Updated
2020-04-03
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
Max CVSS
3.1
EPSS Score
1.78%
Published
2020-04-01
Updated
2022-06-02
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.
Max CVSS
4.3
EPSS Score
0.23%
Published
2020-04-01
Updated
2020-04-03
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
Max CVSS
4.3
EPSS Score
0.23%
Published
2020-04-01
Updated
2022-05-31
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.08%
Published
2020-02-27
Updated
2020-03-02
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.
Max CVSS
4.3
EPSS Score
0.11%
Published
2020-10-27
Updated
2021-07-21
The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.
Max CVSS
4.3
EPSS Score
0.17%
Published
2020-10-27
Updated
2020-10-29
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-12-18
Updated
2019-12-19