Address Bar Spoofing vulnerability in WebKit for Safari versions before 18.
Visiting a malicious website may lead to address bar spoofing.
Vendor / Vendor Homepage:
Apple / apple[dot]com
Affected Products:
WebKit for Safari versions before 18
Fixed Version:
WebKit for Safari version 18
CVE-ID:
CVE-2024-40866
CVSS Score - NVD: 6.5/Medium - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://support.apple.com/en-us/121241
https://support.apple.com/en-us/121238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40866
https://nvd.nist.gov/vuln/detail/CVE-2024-40866
Credit:
Hafiizh with YoKo Kho from HakTrak Cybersecurity Squad