Primary

Context

Apple WebKit Command Injection Vulnerability via Web Inspector URL Copying

Vulnerability

Patched

A command injection vulnerability has been identified in Apple WebKit. This issue arises when a URL is copied from the Web Inspector, potentially leading to unauthorized command execution. The vulnerability is present in WebKit versions bundled with macOS Sequoia 15.3, Safari 18.3, iOS 18.3, and iPadOS 18.3. The root cause of this vulnerability is a privacy issue related to the handling of files, which has been addressed in the latest updates.

Impact

Exploitation of this vulnerability could result in command injection, allowing for unauthorized command execution on the affected system.

Remediation

Users can update to macOS Sequoia 15.3, Safari 18.3, iOS 18.3, or iPadOS 18.3 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Command Injection Vulnerability via Web Inspector URL Copying

Vulnerability

Impact

Remediation

Affected Products

Apple macOS Sequoia

Apple Safari

Apple iOS

Apple iPadOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating