Apple WebKit Same Origin Policy Bypass Vulnerability

Vulnerability

A vulnerability has been identified in WebKit, the engine used by Safari, in which processing maliciously crafted web content can bypass the Same Origin Policy. This issue is present in WebKit versions included with Safari 26.4, iOS 18.7.7, iPadOS 18.7.7, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. The vulnerability arises from inadequate input validation, which can be exploited to manipulate cross-origin interactions.

Impact

Exploitation of this vulnerability can lead to unauthorized cross-origin resource sharing, potentially allowing malicious websites to interact with a user's data or session in ways that should be restricted.

Remediation

Users can update to Safari 26.4, iOS 18.7.7, iPadOS 18.7.7, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, or watchOS 26.4 to address this vulnerability.

Added: Mar 25, 2026, 2:42 AM
Updated: Mar 25, 2026, 2:42 AM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 1.3
exploitability: 3.8
remediation: 7.7
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.