Advisories

Summary

Address bar spoofing vulnerability in WebKit for Safari versions before 18.

Visiting a malicious website may lead to address bar spoofing.

Vendor / Vendor Homepage:
Apple / apple[dot]com

Affected Products:
WebKit for Safari versions before 18

Fixed Version:
WebKit for Safari version 18

CVE-ID:
CVE-2024-40866

CVSS Score (NVD):
6.5 / Medium - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:
https://support.apple.com/en-us/121241
https://support.apple.com/en-us/121238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40866
https://nvd.nist.gov/vuln/detail/CVE-2024-40866

Acknowledgement

Hafiizh with YoKo Kho from HakTrak Cybersecurity Squad