Apple WebKit Cross-Origin Data Exfiltration Vulnerability

Vulnerability

A vulnerability in WebKit, the engine used by Safari, allows cross-origin data exfiltration. It affects the WebKit components of Safari, visionOS, watchOS, iOS, iPadOS, and tvOS, all through version 26.0. A malicious website can exploit the flaw to access and exfiltrate data from other origins, potentially leading to privacy breaches.

Impact

Exploitation of this vulnerability could result in unauthorized cross-origin data exfiltration, compromising user privacy by allowing malicious websites to access sensitive information from other sites.

Remediation

Users can update to Safari 26.1, or the respective 26.1 versions of visionOS, watchOS, iOS, iPadOS, or tvOS, depending on their device.

Added: Nov 4, 2025, 2:26 AM
Updated: Nov 4, 2025, 2:26 AM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 5.0
exploitability: 4.4
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.