
Rewterz Threat Advisory – Multiple Apple Safari Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-23284 CVSS:6.5

A logic issue in the WebKit component could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to prevent Content Security Policy from being enforced.

CVE-2024-23280 CVSS:6.5

An injection issue in the WebKit component could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to fingerprint the user.

CVE-2024-23254 CVSS:6.5

An issue in the WebKit component could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to exfiltrate audio data cross-origin.

CVE-2024-23252 CVSS:6.5

An issue in the WebKit component makes Apple Safari vulnerable to a denial of service. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to crash or hang the browser.

CVE-2024-23273 CVSS:6.5

An issue in the Safari Private Browsing component could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to access Private Browsing tabs without authentication.

CVE-2024-23263 CVSS:6.5

A logic issue in the WebKit component could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to prevent Content Security Policy from being enforced.

Impact

  • Denial of Service
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2024-23284
  • CVE-2024-23280
  • CVE-2024-23254
  • CVE-2024-23252
  • CVE-2024-23273
  • CVE-2024-23263

Affected Vendors

Apple

Affected Products

  • Apple Safari 17.3

Remediation

Refer to the Apple security document for patch, upgrade, or suggested workaround information.