AppleCVE-2024-40817CVE-2024-40817
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
33.0%
The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.
Affected configurations
CNA Affected
[
{
"vendor": "Apple",
"product": "Safari",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "17.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "13.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "14.6",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"version": "unspecified",
"status": "affected",
"lessThan": "12.7",
"versionType": "custom"
}
]
}
]References
seclists.org/fulldisclosure/2024/Jul/15
seclists.org/fulldisclosure/2024/Jul/18
seclists.org/fulldisclosure/2024/Jul/19
seclists.org/fulldisclosure/2024/Jul/20
support.apple.com/en-us/HT214118
support.apple.com/en-us/HT214119
support.apple.com/en-us/HT214120
support.apple.com/en-us/HT214121
support.apple.com/kb/HT214121
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
33.0%