Primary

Context

Apple WebKit Malicious Iframe Download Settings Bypass Vulnerability

Vulnerability

Patched

A vulnerability in WebKit allows a malicious iframe to manipulate another website's download settings. This issue affects multiple Apple platforms, including iOS, iPadOS, macOS Tahoe, and visionOS, all in version 26.5. The vulnerability arises from improper user interface management, which could be exploited to interfere with file downloads.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in download behavior, potentially causing files to be downloaded without user consent or knowledge.

Added: May 11, 2026, 9:45 PM

Updated: May 11, 2026, 9:45 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

8.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

8.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apple WebKit Malicious Iframe Download Settings Bypass Vulnerability

Vulnerability

Impact

Affected Products

Apple iOS

Apple iPadOS

Apple macOS

Apple visionOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating