A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 18.4 (excluding) |
| Ipados | Apple | * | 18.4 (excluding) |
| Iphone_os | Apple | * | 18.4 (excluding) |
| Macos | Apple | 15.0 (including) | 15.4 (excluding) |
| Visionos | Apple | * | 2.4 (excluding) |
References
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122379
- http://seclists.org/fulldisclosure/2025/Apr/12
- http://seclists.org/fulldisclosure/2025/Apr/2
- http://seclists.org/fulldisclosure/2025/Apr/4
- http://seclists.org/fulldisclosure/2025/Apr/8