Description
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Apple / Safariunspecified – 15.4
- Apple / tvOSunspecified – 15.4
- Apple / tvOSunspecified – 12.3
- Apple / watchOSunspecified – 8.5
References
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213182
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213193
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213183
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213186
- VENDOR_ADVISORYhttps://support.apple.com/en-us/HT213187