Primary

Context

Apple WebKit Cross-Origin Data Exfiltration Vulnerability

Vulnerability

Patched

A cross-origin data exfiltration vulnerability has been identified in the WebKit component of multiple Apple operating systems, including iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, watchOS 11.5, and visionOS 2.5. This vulnerability allows a malicious website to exfiltrate data from the user's browser.

Impact

Exploitation of this vulnerability could lead to unauthorized data exfiltration from the user's browser, potentially allowing attackers to access sensitive information without the user's consent.

Remediation

Users can update to the latest versions of iOS, iPadOS, macOS Sequoia, tvOS, watchOS, and visionOS to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Cross-Origin Data Exfiltration Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apple watchOS

Apple tvOS

Apple macOS Sequoia

Apple visionOS

Apple Safari

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating