Apple WebKit and Safari Same Origin Policy Bypass Vulnerability

Vulnerability

A vulnerability exists in Apple WebKit and Safari that allows a website to bypass the Same Origin Policy, potentially leading to unauthorized access or manipulation of data. This issue affects multiple platforms, including iOS, iPadOS, macOS Sequoia, and visionOS. The vulnerability arises from inadequate isolation of script imports, which can be exploited by visiting a malicious website.

Impact

Exploitation of this vulnerability can lead to a bypass of the Same Origin Policy, allowing for unauthorized access to data or resources that should be protected by this security measure.

Remediation

Users can update to Safari 18.4, iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, or visionOS 2.4 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.