CVE-2024-44187

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-44187

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

References
Link Resource
https://support.apple.com/en-us/121238 Release Notes Vendor Advisory
https://support.apple.com/en-us/121240 Release Notes Vendor Advisory
https://support.apple.com/en-us/121241 Release Notes Vendor Advisory
https://support.apple.com/en-us/121248 Release Notes Vendor Advisory
https://support.apple.com/en-us/121249 Release Notes Vendor Advisory
https://support.apple.com/en-us/121250 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2024/Sep/32
http://seclists.org/fulldisclosure/2024/Sep/33
http://seclists.org/fulldisclosure/2024/Sep/36
http://seclists.org/fulldisclosure/2024/Sep/37
https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

04 Nov 2025, 17:16

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Sep/32 -
  • () http://seclists.org/fulldisclosure/2024/Sep/33 -
  • () http://seclists.org/fulldisclosure/2024/Sep/36 -
  • () http://seclists.org/fulldisclosure/2024/Sep/37 -

03 Nov 2025, 22:18

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html -

25 Sep 2024, 13:25

Type Values Removed Values Added
References () https://support.apple.com/en-us/121238 - () https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121240 - () https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121241 - () https://support.apple.com/en-us/121241 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121248 - () https://support.apple.com/en-us/121248 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121249 - () https://support.apple.com/en-us/121249 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121250 - () https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory
CWE CWE-346
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
First Time Apple safari
Apple ipados
Apple macos
Apple
Apple visionos
Apple watchos
Apple tvos
Apple iphone Os
CPE cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

20 Sep 2024, 12:31

Type Values Removed Values Added
Summary
  • (es) Existía un problema de origen cruzado con los elementos "iframe". Esto se solucionó mejorando el seguimiento de los orígenes de seguridad. Este problema se solucionó en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. Un sitio web malicioso puede filtrar datos de origen cruzado.

17 Sep 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-17 00:15

Updated : 2025-11-04 17:16

NVD link : CVE-2024-44187

Mitre link : CVE-2024-44187

CVE.ORG link : CVE-2024-44187

JSON object : View

Products Affected

apple

CWE
CWE-346

Origin Validation Error