Primary

Context

Apple WebKit Same Origin Policy Bypass Vulnerability

Vulnerability

Patched

A vulnerability in WebKit, the engine used by Safari, allows websites to bypass the Same Origin Policy, which is designed to prevent one site from accessing data from another site. This issue affects multiple Apple platforms, including macOS Sequoia, iOS 18.4, iPadOS 18.4, visionOS 2.4, and Safari 18.4. The vulnerability was addressed with improved state management.

Impact

Exploitation of this vulnerability could lead to unauthorized access to data or resources from another origin, potentially allowing for cross-site scripting attacks or other forms of data leakage.

Remediation

Users can update to the latest versions of Safari, iOS, iPadOS, visionOS, or macOS Sequoia to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

4.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

4.4

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Same Origin Policy Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apple Safari

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating