The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. A website may exfiltrate image data cross-origin.
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 26.1 (excluding) |
| Ipados | Apple | * | 26.1 (excluding) |
| Iphone_os | Apple | * | 26.1 (excluding) |
| Tvos | Apple | * | 26.1 (excluding) |
| Visionos | Apple | * | 26.1 (excluding) |
| Watchos | Apple | * | 26.1 (excluding) |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/focal | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/jammy | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/noble | * |
| Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtwebkit-opensource-src | Ubuntu | jammy | * |
| Qtwebkit-opensource-src | Ubuntu | noble | * |
| Qtwebkit-source | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
| Webkit2gtk | Ubuntu | esm-infra/bionic | * |
| Webkit2gtk | Ubuntu | esm-infra/focal | * |
| Webkit2gtk | Ubuntu | esm-infra/xenial | * |
| Webkit2gtk | Ubuntu | upstream | * |
| Webkitgtk | Ubuntu | esm-apps/bionic | * |
| Webkitgtk | Ubuntu | esm-apps/xenial | * |
| Wpewebkit | Ubuntu | esm-apps/focal | * |
| Wpewebkit | Ubuntu | esm-apps/jammy | * |
| Wpewebkit | Ubuntu | jammy | * |
If a cross-domain policy file includes domains that should not be trusted, such as when using wildcards under a high-level domain, then the application could be attacked by these untrusted domains. In many cases, the attack can be launched without the victim even being aware of it.