October 13, 2024 at 02:30PM
Apple released updates for Safari 18 on September 16, 2024, addressing three cross-origin vulnerabilities (CVE-2024-40866, CVE-2024-44187, CVE-2024-40857) that could lead to data exfiltration and universal cross-site scripting. Updates are available for macOS Ventura and macOS Sonoma.
### Meeting Takeaways:
**Apple ID:** 121241
**Release Date:** September 16, 2024
**Security Vulnerabilities Identified:**
1. **CVE-2024-40866**
– **Description:** A cross-origin issue with “iframe” elements was addressed by improving tracking of security origins.
– **Impact:** A malicious website may exfiltrate data cross-origin.
– **Affected Product:** Safari 18.
– **Available Updates:** macOS Ventura and macOS Sonoma.
2. **CVE-2024-44187**
– **Description:** A cross-origin issue with “iframe” elements was addressed by improving tracking of security origins.
– **Impact:** A malicious website may exfiltrate data cross-origin.
– **Affected Product:** Safari 18.
– **Available Updates:** macOS Ventura and macOS Sonoma.
3. **CVE-2024-40857**
– **Description:** Resolved through improved state management.
– **Impact:** Processing of maliciously crafted web content may lead to universal cross-site scripting.
– **Affected Product:** Safari 18.
– **Available Updates:** macOS Ventura and macOS Sonoma.
**Summary:** Updates for Safari 18 are available for macOS Ventura and macOS Sonoma to address several cross-origin security vulnerabilities.