Apple Safari vulnerabilities
1,613 known vulnerabilities affecting apple/safari.
Total CVEs
1,613
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH615MEDIUM766LOW20UNKNOWN1
Vulnerabilities
Page 8 of 81
CVE-2025-24128MEDIUMCVSS 4.3fixed in 18.32025-01-27
CVE-2025-24128 [MEDIUM] CVE-2025-24128: The issue was addressed by adding additional logic. This issue is fixed in Safari 18.3, iOS 18.3 and
The issue was addressed by adding additional logic. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Visiting a malicious website may lead to address bar spoofing.
nvdapple
CVE-2024-27856HIGHCVSS 7.8fixed in 17.52025-01-15
CVE-2024-27856 [HIGH] CWE-94 CVE-2024-27856: The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPa
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
nvdapple
CVE-2024-54534CRITICALCVSS 9.8fixed in 18.22024-12-12
CVE-2024-54534 [CRITICAL] CWE-787 CVE-2024-54534: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
nvd
CVE-2024-54479HIGHCVSS 7.5fixed in 18.22024-12-12
CVE-2024-54479 [HIGH] CVE-2024-54479: The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2024-54508HIGHCVSS 7.5fixed in 18.22024-12-12
CVE-2024-54508 [HIGH] CWE-125 CVE-2024-54508: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2024-54505HIGHCVSS 8.8fixed in 18.22024-12-12
CVE-2024-54505 [HIGH] CWE-843 CVE-2024-54505: A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
nvd
CVE-2024-54502MEDIUMCVSS 6.5fixed in 18.22024-12-12
CVE-2024-54502 [MEDIUM] CWE-125 CVE-2024-54502: The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2024-44212MEDIUMCVSS 5.3fixed in 18.12024-12-12
CVE-2024-44212 [MEDIUM] CWE-346 CVE-2024-44212: A cookie management issue was addressed with improved state management. This issue is fixed in Safar
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.
nvd
CVE-2024-44246MEDIUMCVSS 5.3fixed in 18.22024-12-12
CVE-2024-44246 [MEDIUM] CWE-125 CVE-2024-44246: The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in
The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.
nvd
CVE-2024-44308HIGHCVSS 8.8KEVfixed in 18.1.12024-11-20
CVE-2024-44308 [HIGH] CVE-2024-44308: The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and i
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac sys
nvd
CVE-2024-44309MEDIUMCVSS 6.3KEVfixed in 18.1.12024-11-20
CVE-2024-44309 [MEDIUM] CWE-79 CVE-2024-44309: A cookie management issue was addressed with improved state management. This issue is fixed in Safar
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been a
nvd
CVE-2024-44259HIGHCVSS 7.5fixed in 18.12024-10-28
CVE-2024-44259 [HIGH] CVE-2024-44259: This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS
This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. An attacker may be able to misuse a trust relationship to download malicious content.
nvd
CVE-2024-44155MEDIUMCVSS 6.5fixed in 18.0fixed in 182024-10-28
CVE-2024-44155 [MEDIUM] CVE-2024-44155: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. Maliciously crafted web content may violate iframe sandboxing policy.
nvdapple
CVE-2024-44229MEDIUMCVSS 5.3fixed in 18.12024-10-28
CVE-2024-44229 [MEDIUM] CVE-2024-44229: An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1,
An information leakage was addressed with additional validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. Private browsing may leak some browsing history.
nvd
CVE-2024-44244MEDIUMCVSS 4.3fixed in 18.12024-10-28
CVE-2024-44244 [MEDIUM] CWE-787 CVE-2024-44244: A memory corruption issue was addressed with improved input validation. This issue is fixed in Safar
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.
nvd
CVE-2024-44296MEDIUMCVSS 5.4fixed in 18.12024-10-28
CVE-2024-44296 [MEDIUM] CVE-2024-44296: The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPa
The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
nvd
CVE-2024-44206CRITICALCVSS 9.3fixed in 17.62024-10-24
CVE-2024-44206 [CRITICAL] CVE-2024-44206: An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in
An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.
nvdapple
CVE-2024-44185MEDIUMCVSS 5.5fixed in 17.62024-10-24
CVE-2024-44185 [MEDIUM] CVE-2024-44185: The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
nvdapple
CVE-2024-44187MEDIUMCVSS 6.5fixed in 18.0fixed in 182024-09-17
CVE-2024-44187 [MEDIUM] CWE-346 CVE-2024-44187: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of se
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
nvdapple
CVE-2024-40857MEDIUMCVSS 6.1fixed in 18.0fixed in 182024-09-17
CVE-2024-40857 [MEDIUM] CWE-79 CVE-2024-40857: This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18
This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.
nvdapple