Apple WebKit Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in WebKit, the engine used by Safari and other Apple applications, including iOS, iPadOS, macOS Sequoia, and visionOS. This vulnerability arises from a cookie management issue that was addressed with improved state management. However, processing maliciously crafted web content could still lead to a cross-site scripting attack. Apple is aware of reports that this issue may have been actively exploited on Intel-based Mac systems.

Impact

Exploitation of this vulnerability could lead to a cross-site scripting attack, allowing an attacker to inject malicious scripts that could be executed in the context of the user's browser.

Remediation

Users can upgrade to the latest versions of Safari, iOS, iPadOS, macOS Sequoia, or visionOS to address this vulnerability. Instructions for downloading these updates are available on the Apple Software Updates page.