Released March 7, 2024

Safari Private Browsing

Available for: macOS Monterey and macOS Ventura

Impact: Private Browsing tabs may be accessed without authentication

Description: This issue was addressed through improved state management.

CVE-2024-23273: Matej Rabzelj

WebKit

Available for: macOS Monterey and macOS Ventura

Impact: Processing web content may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 263758
CVE-2024-23252: anbu1024 of SecANT

WebKit

Available for: macOS Monterey and macOS Ventura

Impact: A malicious website may exfiltrate audio data cross-origin

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 263795
CVE-2024-23254: James Lee (@Windowsrcer)

WebKit

Available for: macOS Monterey and macOS Ventura

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved validation.

WebKit Bugzilla: 264811
CVE-2024-23263: Johan Carlsson (joaxcar)

WebKit

Available for: macOS Monterey and macOS Ventura

Impact: A maliciously crafted webpage may be able to fingerprint the user

Description: An injection issue was addressed with improved validation.

WebKit Bugzilla: 266703
CVE-2024-23280: an anonymous researcher

WebKit

Available for: macOS Monterey and macOS Ventura

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 267241
CVE-2024-23284: Georg Felber and Marco Squarcina

Additional recognition

Safari

We would like to acknowledge Abhinav Saraswat and Matthew C for their assistance.