This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Safari | Apple | * | 18.4 (excluding) |
Ipados | Apple | * | 18.4 (excluding) |
Iphone_os | Apple | * | 18.4 (excluding) |
Macos | Apple | * | 15.4 (excluding) |
Visionos | Apple | * | 2.4 (excluding) |