The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing.
References
Configurations
Configuration 1 (hide)
|
History
15 Aug 2024, 17:10
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
|
| CWE | CWE-1021 | |
| References | () http://seclists.org/fulldisclosure/2024/Jul/18 - Mailing List, Third Party Advisory | |
| References | () https://support.apple.com/en-us/HT214118 - Release Notes, Vendor Advisory | |
| References | () http://seclists.org/fulldisclosure/2024/Jul/19 - Mailing List, Third Party Advisory | |
| References | () https://support.apple.com/en-us/HT214119 - Release Notes, Vendor Advisory | |
| References | () http://seclists.org/fulldisclosure/2024/Jul/20 - Mailing List, Third Party Advisory | |
| References | () http://seclists.org/fulldisclosure/2024/Jul/15 - Mailing List, Third Party Advisory | |
| References | () https://support.apple.com/kb/HT214121 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/HT214120 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/HT214121 - Release Notes, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| First Time |
Apple safari
Apple Apple macos |
30 Jul 2024, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
29 Jul 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-07-29 23:15
Updated : 2025-03-14 16:15
NVD link : CVE-2024-40817
Mitre link : CVE-2024-40817
JSON object : View
Products Affected
apple
- safari
- macos
CWE
CWE-1021
Improper Restriction of Rendered UI Layers or Frames