CVE-2024-40866 — Apple Macos vulnerability

9 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 74.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Safari

Timeline

PublishedSep 17

Latest updateOct 22

Description

The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5apple/macos< 15

▶NVDapple/macos< 15.0

▶CVEListV5apple/safari< 18

▶NVDapple/safari< 18.0

🔴Vulnerability Details

GHSA

GHSA-h9cp-5vvc-8wqc: The issue was addressed with improved UI↗2024-09-17

▶

OSV

CVE-2024-40866: The issue was addressed with improved UI↗2024-09-17

▶

CVEList

CVE-2024-40866: The issue was addressed with improved UI↗2024-09-16

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2024-10-22

▶

Red Hat

webkitgtk: Visiting a malicious website may lead to address bar spoofing↗2024-09-17

▶

Apple

CVE-2024-40866: macOS Sequoia 15↗2024-09-16

▶

Apple

CVE-2024-40866: Safari 18↗2024-09-16

▶

Debian

CVE-2024-40866: webkit2gtk - The issue was addressed with improved UI. This issue is fixed in Safari 18, macO...↗2024

▶