Описание
The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 18.2 (исключая)Версия до 17.7.3 (исключая)Версия от 18.0 (включая) до 18.2 (исключая)Версия от 18.0 (включая) до 18.2 (исключая)Версия от 15.0 (включая) до 15.2 (исключая)
Одно из
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00124
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-125
Связанные уязвимости
CVSS3: 4.3
github
около 1 года назад
The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.
EPSS
Процентиль: 32%
0.00124
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-125