This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-03-08
Updated
2024-03-14
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.37%
Published
2023-02-27
Updated
2023-12-28
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.23%
Published
2022-09-20
Updated
2022-12-08
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.08%
Published
2022-03-18
Updated
2022-03-24
The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.10%
Published
2020-12-08
Updated
2023-01-09
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.08%
Published
2020-12-08
Updated
2020-12-09
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.13%
Published
2020-12-08
Updated
2022-06-02
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.13%
Published
2020-12-08
Updated
2022-06-02
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.43%
Published
2020-10-16
Updated
2023-01-09
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.10%
Published
2020-04-01
Updated
2020-04-03
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.23%
Published
2020-04-01
Updated
2020-04-03
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.23%
Published
2020-04-01
Updated
2022-05-31
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.08%
Published
2020-02-27
Updated
2020-03-02
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.11%
Published
2020-10-27
Updated
2021-07-21
The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.17%
Published
2020-10-27
Updated
2020-10-29
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-12-18
Updated
2019-12-19
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.05%
Published
2019-04-03
Updated
2019-04-05
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.16%
Published
2019-04-03
Updated
2019-04-05
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-04-03
Updated
2019-04-04
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.40%
Published
2019-01-11
Updated
2020-08-24
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.42%
Published
2018-06-08
Updated
2019-10-03
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.23%
Published
2017-10-23
Updated
2017-10-26
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.
Source: Apple Inc.
Max CVSS
4.7
EPSS Score
0.21%
Published
2017-02-20
Updated
2017-07-27
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.39%
Published
2017-02-20
Updated
2017-07-27
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.18%
Published
2016-09-25
Updated
2017-07-30
166 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!