CVE-2023-40417
Vexday Risk Score
3 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS: — | EPSS: 0.8% | KEV: no | PoC: — | Nuclei: — | Metasploit: — | Patch: —
Lifecycle
26 Sep 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.
References
http://seclists.org/fulldisclosure/2023/Oct/2
http://seclists.org/fulldisclosure/2023/Oct/3
http://seclists.org/fulldisclosure/2023/Oct/8
http://seclists.org/fulldisclosure/2023/Oct/9
https://support.apple.com/en-us/HT213937
https://support.apple.com/en-us/HT213938
https://support.apple.com/en-us/HT213940
https://support.apple.com/en-us/HT213941
https://support.apple.com/kb/HT213937
https://support.apple.com/kb/HT213938
https://support.apple.com/kb/HT213941