How severe is CVE-2024-44187?

CVE-2024-44187 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2024-44187

6.5MEDIUM

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 a

Published: 9/17/2024Updated: 11/4/2025

Description

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

AI AnalysisPowered by AI

Affected Products

applesafari

appleipados

appleiphone_os

applemacos

appletvos

applevisionos

applewatchos

References

https://support.apple.com/en-us/121238
Release NotesVendor Advisory
https://support.apple.com/en-us/121240
Release NotesVendor Advisory
https://support.apple.com/en-us/121241
Release NotesVendor Advisory
https://support.apple.com/en-us/121248
Release NotesVendor Advisory
https://support.apple.com/en-us/121249
Release NotesVendor Advisory
https://support.apple.com/en-us/121250
Release NotesVendor Advisory
http://seclists.org/fulldisclosure/2024/Sep/32
http://seclists.org/fulldisclosure/2024/Sep/33
http://seclists.org/fulldisclosure/2024/Sep/36
http://seclists.org/fulldisclosure/2024/Sep/37
https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html