CVE-2024-54467
Description
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
CWE
- CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Affected
- Apple / Safari — v=0 <18 [affected]
- Apple / iOS and iPadOS — v=0 <18 [affected]
- Apple / macOS — v=0 <15 [affected]
- Apple / tvOS — v=0 <18 [affected]
- Apple / visionOS — v=0 <2 [affected]
- Apple / watchOS — v=0 <11 [affected]
CVSS
- (none)
References
- https://support.apple.com/en-us/121238
- https://support.apple.com/en-us/121240
- https://support.apple.com/en-us/121241
- https://support.apple.com/en-us/121248
- https://support.apple.com/en-us/121249
- https://support.apple.com/en-us/121250
Source
cvelistV5-main/cves/2024/54xxx/CVE-2024-54467.json