
CVE-2024-40866

Severity: High
Vendor: Apple
SVRS: 61/100
CVSSv3: 6.5/10
EPSS: 0.00055/1

CVE-2024-40866 is a spoofing vulnerability affecting Safari 18 and macOS Sequoia 15. Visiting a malicious website could lead to address bar spoofing, potentially tricking users into believing they are on a legitimate site. The issue has been addressed with improved UI in the updated software.

Although the CVSS score is 6.5, indicating a medium severity, the SOCRadar Vulnerability Risk Score (SVRS) is 61. While this does not reach the critical threshold of 80, the 'In The Wild' tag emphasizes that this vulnerability is actively being exploited. Address bar spoofing can be used for phishing attacks, leading to potential data theft or malware installation. Users should update to the latest versions of Safari and macOS Sequoia to mitigate this risk.

Tags: In The Wild
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Dates: 2024-09-17, 2025-03-25

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-40866 | Apple Safari up to 14.1.2 UI clickjacking (Nessus ID 208985)
Source: vuldb.com, 2025-03-10
A vulnerability was found in Apple Safari. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI. The manipulation leads to clickjacking. This vulnerability is handled as CVE-2024-40866. The attack may be launched remotely. There is no exploit available. It is

CVE-2024-40866 | Apple macOS up to 14.7 UI clickjacking (Nessus ID 208985)
Source: vuldb.com, 2025-03-10
A vulnerability was found in Apple macOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component UI. The manipulation leads to clickjacking. This vulnerability is known as CVE-2024-40866. The attack can be launched remotely. There is no exploit available. It is

Daily Summary - 26.09.2024
Source: CERT.at, 2024-12-02
End-of-Day report. Timeframe: Wednesday 25-09-2024 18:00 - Thursday 26-09-2024 18:00. Handler: Alexander Riepl. Co-Handler: Michael Schlagenhaufer. News: Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC. Cisco Talos' Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. One is a vulnerability in the High-Definition Audio Bus Driver

Social Media

New post from https://t.co/uXvPWJy6tj (CVE-2024-40866 | Apple Safari up to 14.1.2 UI clickjacking (Nessus ID 208985)) has been published on https://t.co/jYyfIEtiTh

🚨 Important Security Alert! DSA-5792-1 #webkit2gtk update fixes critical vulnerabilities CVE-2024-40866 & CVE-2024-44187. Stay secure - update your systems ASAP! #CyberSecurity #TechNews

Affected Software

Configuration 1

Type | Vendor | Product
App  | Apple  | safari
OS   | Apple  | macos

References

https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121241

CWE Details

No CWE details found for this CVE
