Primary

Context

Apple Safari and macOS URL Validation Vulnerability in Lockdown Mode

Vulnerability

Patched

A vulnerability exists in Apple Safari and macOS that allows web content opened via a file URL to access Web APIs that should be restricted, particularly on Macs with Lockdown Mode enabled. This issue arises from inadequate URL validation, which could lead to unauthorized access to sensitive functionalities.

Impact

Exploitation of this vulnerability could allow web content to bypass restrictions and access Web APIs that are normally limited, potentially leading to unauthorized actions or data access.

Remediation

This vulnerability has been addressed in the latest updates of macOS Tahoe 26.2 and Safari 26.2. Users should update to these versions to mitigate the issue.

Added: Dec 17, 2025, 9:38 PM

Updated: Dec 17, 2025, 9:38 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.4

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.4

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple Safari and macOS URL Validation Vulnerability in Lockdown Mode

Vulnerability

Impact

Remediation

Affected Products

Apple macOS Tahoe

Apple Safari

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating