A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mac_os_x | Apple | * | 10.15.1 (excluding) |