Apple Safari vulnerabilities

CVE-2024-54508 [HIGH] CVE-2024-54508: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-54505 [HIGH] CWE-843 CVE-2024-54505: A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18 A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.

CVE-2024-44212 [MEDIUM] CWE-346 CVE-2024-44212: A cookie management issue was addressed with improved state management. This issue is fixed in Safar A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.

CVE-2024-54502 [MEDIUM] CWE-125 CVE-2024-54502: The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-44246 [MEDIUM] CWE-125 CVE-2024-44246: The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.

CVE-2024-44308 [HIGH] CVE-2024-44308: The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and i The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac sys

CVE-2024-44309 [MEDIUM] CWE-79 CVE-2024-44309: A cookie management issue was addressed with improved state management. This issue is fixed in Safar A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been a

CVE-2024-44259 [HIGH] CVE-2024-44259: This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. An attacker may be able to misuse a trust relationship to download malicious content.

CVE-2024-44229 [MEDIUM] CVE-2024-44229: An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. Private browsing may leak some browsing history.

CVE-2024-44244 [MEDIUM] CWE-787 CVE-2024-44244: A memory corruption issue was addressed with improved input validation. This issue is fixed in Safar A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-44155 [MEDIUM] CVE-2024-44155: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy.

CVE-2024-44296 [MEDIUM] CVE-2024-44296: The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPa The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVE-2024-44206 [CRITICAL] CVE-2024-44206: An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.

CVE-2024-44185 [MEDIUM] CVE-2024-44185: The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadO The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40857 [MEDIUM] CWE-79 CVE-2024-40857: This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2024-44187 [MEDIUM] CWE-346 CVE-2024-44187: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of se A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

CVE-2024-40866 [MEDIUM] CVE-2024-40866: The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiti The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.

CVE-2024-44202 [MEDIUM] CWE-287 CVE-2024-44202: An authentication issue was addressed with improved state management. This issue is fixed in Safari An authentication issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

CVE-2024-40789 [MEDIUM] CWE-125 CVE-2024-40789: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Sa An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2024-40782 [MEDIUM] CWE-416 CVE-2024-40782: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.