{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-44187", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-08-20T21:42:05.933Z", "datePublished": "2024-09-16T23:23:16.230Z", "dateUpdated": "2025-11-04T16:15:32.974Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious website may exfiltrate data cross-origin"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "15", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "11", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin."}], "references": [{"url": "https://support.apple.com/en-us/121238"}, {"url": "https://support.apple.com/en-us/121248"}, {"url": "https://support.apple.com/en-us/121249"}, {"url": "https://support.apple.com/en-us/121250"}, {"url": "https://support.apple.com/en-us/121240"}, {"url": "https://support.apple.com/en-us/121241"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-09-16T23:23:16.230Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-346", "lang": "en", "description": "CWE-346 Origin Validation Error"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-17T13:44:18.458972Z", "id": "CVE-2024-44187", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T15:25:26.428Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/37"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/36"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/33"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/32"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T16:15:32.974Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/37"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/36"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/33"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/32"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T16:15:32.974Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-44187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-17T13:44:18.458972Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T13:46:45.960Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "11", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/121238"}, {"url": "https://support.apple.com/en-us/121248"}, {"url": "https://support.apple.com/en-us/121249"}, {"url": "https://support.apple.com/en-us/121250"}, {"url": "https://support.apple.com/en-us/121240"}, {"url": "https://support.apple.com/en-us/121241"}], "descriptions": [{"lang": "en", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious website may exfiltrate data cross-origin"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-09-16T23:23:16.230Z"}}}, "cveMetadata": {"cveId": "CVE-2024-44187", "state": "PUBLISHED", "dateUpdated": "2025-11-04T16:15:32.974Z", "dateReserved": "2024-08-20T21:42:05.933Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-09-16T23:23:16.230Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DCB4657-8F40-418E-8E98-743C271E4CDE", "versionEndExcluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACD3B3B0-329C-413B-BDF7-6B1C6298846E", "versionEndExcluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2222A2EE-00FA-4019-8779-13B82A4F9DD0", "versionEndExcluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45", "versionEndExcluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F34BD4C1-5C6A-4C6D-BD96-8CC3F3CBFF74", "versionEndExcluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6AE7B0F-C356-4601-9636-617CDD09F009", "versionEndExcluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "05C212C2-3E65-47DB-A0AE-417A8178ADC6", "versionEndExcluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin."}, {"lang": "es", "value": "Exist\u00eda un problema de origen cruzado con los elementos \"iframe\". Esto se solucion\u00f3 mejorando el seguimiento de los or\u00edgenes de seguridad. Este problema se solucion\u00f3 en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. Un sitio web malicioso puede filtrar datos de origen cruzado."}], "id": "CVE-2024-44187", "lastModified": "2025-11-04T17:16:13.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-17T00:15:52.037", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/121238"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/121240"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/121241"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/121248"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/121249"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/121250"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Sep/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Sep/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Sep/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Sep/37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-346"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:10364", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "webkitgtk4-0:2.48.3-2.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2024:9636", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.46.3-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:8180", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.46.1-2.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:9553", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.46.3-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-13T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: A malicious website may exfiltrate data cross-origin", "id": "2314706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314706"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "details": ["A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.", "A vulnerability was found in WebKit. This flaw allows a remote attacker to exfiltrate data cross-origin by convincing a victim to visit a specially crafted website, which results in obtaining sensitive information."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-44187", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-09-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-44187\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44187\nhttps://webkitgtk.org/security/WSA-2024-0005.html"], "threat_severity": "Moderate"}

{}