Home / mailings APPLE-SA-09-16-2024-6 Safari 18
Posted on 17 September 2024
Apple Security-announceAPPLE-SA-09-16-2024-6 Safari 18
Safari 18 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121241.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI.
WebKit Bugzilla: 279451
CVE-2024-40866: Hafiizh and YoKo Kho (@yokoacc) of HakTrak
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-origin issue existed with "iframe" elements. This
was addressed with improved tracking of security origins.
WebKit Bugzilla: 279452
CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft
Pvt. Ltd, Pune (India)
WebKit
Available for: macOS Ventura and macOS Sonoma
Impact: Processing maliciously crafted web content may lead to universal
cross site scripting
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 268724
CVE-2024-40857: Ron Masas
Additional recognition
Safari
We would like to acknowledge Hafiizh and YoKo Kho (@yokoacc) of HakTrak
for their assistance.
Safari 18 may be obtained from the Mac App Store.
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
