The issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. A malicious website may exfiltrate data cross-origin.
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Safari | Apple | * | 26.1 (excluding) |
| Ipados | Apple | * | 26.1 (excluding) |
| Iphone_os | Apple | * | 26.1 (excluding) |
| Tvos | Apple | * | 26.1 (excluding) |
| Visionos | Apple | * | 26.1 (excluding) |
| Watchos | Apple | * | 26.1 (excluding) |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | webkitgtk4-0:2.48.3-2.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | webkit2gtk3-0:2.46.3-1.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | webkit2gtk3-0:2.46.3-1.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | webkit2gtk3-0:2.46.3-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | webkit2gtk3-0:2.46.3-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | webkit2gtk3-0:2.46.3-1.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | webkit2gtk3-0:2.46.3-1.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | webkit2gtk3-0:2.46.3-1.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | webkit2gtk3-0:2.46.3-1.el8_6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | webkit2gtk3-0:2.46.3-1.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | webkit2gtk3-0:2.46.1-2.el9_4 | * |
| Red Hat Enterprise Linux 9 | RedHat | webkit2gtk3-0:2.46.3-1.el9_5 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | webkit2gtk3-0:2.46.1-1.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | webkit2gtk3-0:2.46.1-1.el9_2 | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/focal | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/jammy | * |
| Qtwebkit-opensource-src | Ubuntu | esm-apps/noble | * |
| Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtwebkit-opensource-src | Ubuntu | jammy | * |
| Qtwebkit-opensource-src | Ubuntu | noble | * |
| Qtwebkit-source | Ubuntu | esm-apps/bionic | * |
| Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
| Webkit2gtk | Ubuntu | esm-infra/bionic | * |
| Webkit2gtk | Ubuntu | esm-infra/focal | * |
| Webkit2gtk | Ubuntu | esm-infra/xenial | * |
| Webkit2gtk | Ubuntu | jammy | * |
| Webkit2gtk | Ubuntu | noble | * |
| Webkit2gtk | Ubuntu | upstream | * |
| Webkitgtk | Ubuntu | esm-apps/bionic | * |
| Webkitgtk | Ubuntu | esm-apps/xenial | * |
| Wpewebkit | Ubuntu | esm-apps/focal | * |
| Wpewebkit | Ubuntu | esm-apps/jammy | * |
| Wpewebkit | Ubuntu | jammy | * |
If a cross-domain policy file includes domains that should not be trusted, such as when using wildcards under a high-level domain, then the application could be attacked by these untrusted domains. In many cases, the attack can be launched without the victim even being aware of it.