The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Safari | Apple | * | 18.5 (excluding) |
Ipados | Apple | * | 18.5 (excluding) |
Iphone_os | Apple | * | 18.5 (excluding) |
Macos | Apple | * | 15.5 (excluding) |
Tvos | Apple | * | 18.5 (excluding) |
Visionos | Apple | * | 2.5 (excluding) |
Watchos | Apple | * | 11.5 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | webkit2gtk3-0:2.48.2-1.el8_10 | * |
Red Hat Enterprise Linux 9 | RedHat | webkit2gtk3-0:2.48.2-1.el9_6 | * |
Qtwebkit-opensource-src | Ubuntu | esm-apps/bionic | * |
Qtwebkit-opensource-src | Ubuntu | esm-apps/focal | * |
Qtwebkit-opensource-src | Ubuntu | esm-apps/jammy | * |
Qtwebkit-opensource-src | Ubuntu | esm-apps/noble | * |
Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
Qtwebkit-opensource-src | Ubuntu | focal | * |
Qtwebkit-opensource-src | Ubuntu | jammy | * |
Qtwebkit-opensource-src | Ubuntu | noble | * |
Qtwebkit-opensource-src | Ubuntu | oracular | * |
Qtwebkit-source | Ubuntu | esm-apps/bionic | * |
Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
Webkit2gtk | Ubuntu | devel | * |
Webkit2gtk | Ubuntu | esm-infra/bionic | * |
Webkit2gtk | Ubuntu | esm-infra/xenial | * |
Webkit2gtk | Ubuntu | focal | * |
Webkit2gtk | Ubuntu | jammy | * |
Webkit2gtk | Ubuntu | noble | * |
Webkit2gtk | Ubuntu | oracular | * |
Webkit2gtk | Ubuntu | plucky | * |
Webkit2gtk | Ubuntu | upstream | * |
Webkitgtk | Ubuntu | esm-apps/bionic | * |
Webkitgtk | Ubuntu | esm-apps/xenial | * |
Wpewebkit | Ubuntu | esm-apps/focal | * |
Wpewebkit | Ubuntu | esm-apps/jammy | * |
Wpewebkit | Ubuntu | focal | * |
Wpewebkit | Ubuntu | jammy | * |