CVE-2024-40785
Description
This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Processing maliciously crafted web content in Apple Safari may lead to a cross-site scripting (XSS) attack.
Vulnerability Description
CVE-2024-40785 is a cross-site scripting (XSS) vulnerability in Apple's WebKit engine, which underpins Safari and other web content rendering across Apple platforms. The bug was present in the processing of maliciously crafted web content, and Apple has addressed it with improved checks [1][2][4].
Attack Vector and Prerequisites
An attacker can exploit this vulnerability by serving a specially crafted web page to a user. The attack requires no authentication or special network position; simply visiting the malicious web page in a vulnerable version of Safari or an application using WebKit is sufficient to trigger the flaw [1][2][4].
Impact
Successful exploitation could allow the attacker to execute arbitrary JavaScript in the context of the user's session, potentially leading to theft of cookies, session tokens, or other sensitive data, as well as performing actions on behalf of the user on other websites. Apple assesses the impact as potentially leading to a cross-site scripting attack [1][2][4].
Mitigation and Patches
Apple has released security updates for affected platforms: Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, and watchOS 10.6 [1][2][4]. Users should update their devices to the latest software versions to mitigate the risk. No workarounds have been publicly disclosed by Apple.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
45
- osv-coords (38 versions)
  - pkg:rpm/opensuse/webkit2gtk3, distro: openSUSE Leap 15.5 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/opensuse/webkit2gtk3, distro: openSUSE Leap 15.6 (no CPE), range: < 2.44.3-150600.12.9.1
  - pkg:rpm/opensuse/webkit2gtk3-soup2, distro: openSUSE Leap 15.5 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/opensuse/webkit2gtk3-soup2, distro: openSUSE Leap 15.6 (no CPE), range: < 2.44.3-150600.12.9.1
  - pkg:rpm/opensuse/webkit2gtk4, distro: openSUSE Leap 15.5 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/opensuse/webkit2gtk4, distro: openSUSE Leap 15.6 (no CPE), range: < 2.44.3-150600.12.9.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Enterprise Storage 7.1 (no CPE), range: < 2.44.3-150200.118.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS (no CPE), range: < 2.44.3-150200.118.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS (no CPE), range: < 2.44.3-150200.118.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Module for Desktop Applications 15 SP5 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Module for Desktop Applications 15 SP6 (no CPE), range: < 2.44.3-150600.12.9.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server 12 SP5 (no CPE), range: < 2.44.3-4.12.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server 15 SP2-LTSS (no CPE), range: < 2.44.3-150200.118.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server 15 SP3-LTSS (no CPE), range: < 2.44.3-150200.118.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server 15 SP4-LTSS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server for SAP Applications 12 SP5 (no CPE), range: < 2.44.3-4.12.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server for SAP Applications 15 SP2 (no CPE), range: < 2.44.3-150200.118.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server for SAP Applications 15 SP3 (no CPE), range: < 2.44.3-150200.118.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Server for SAP Applications 15 SP4 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Software Development Kit 12 SP5 (no CPE), range: < 2.44.3-4.12.1
  - pkg:rpm/suse/webkit2gtk3, distro: SUSE Linux Enterprise Workstation Extension 12 SP5 (no CPE), range: < 2.44.3-4.12.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Linux Enterprise Module for Basesystem 15 SP5 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Linux Enterprise Module for Basesystem 15 SP6 (no CPE), range: < 2.44.3-150600.12.9.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Linux Enterprise Server 15 SP4-LTSS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Linux Enterprise Server for SAP Applications 15 SP4 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Manager Proxy 4.3 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk3-soup2, distro: SUSE Manager Server 4.3 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk4, distro: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk4, distro: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk4, distro: SUSE Linux Enterprise Module for Basesystem 15 SP6 (no CPE), range: < 2.44.3-150600.12.9.1
  - pkg:rpm/suse/webkit2gtk4, distro: SUSE Linux Enterprise Module for Development Tools 15 SP5 (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk4, distro: SUSE Linux Enterprise Module for Development Tools 15 SP6 (no CPE), range: < 2.44.3-150600.12.9.1
  - pkg:rpm/suse/webkit2gtk4, distro: SUSE Linux Enterprise Server 15 SP4-LTSS (no CPE), range: < 2.44.3-150400.4.88.1
  - pkg:rpm/suse/webkit2gtk4, distro: SUSE Linux Enterprise Server for SAP Applications 15 SP4 (no CPE), range: < 2.44.3-150400.4.88.1
Patches
0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
27
- seclists.org/fulldisclosure/2024/Jul/15 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/16 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/17 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/18 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/21 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/22 (nvd: Mailing List, Third Party Advisory)
- seclists.org/fulldisclosure/2024/Jul/23 (nvd: Mailing List, Third Party Advisory)
- support.apple.com/en-us/HT214116 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214117 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214119 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214121 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214122 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214123 (nvd: Release Notes, Vendor Advisory)
- support.apple.com/en-us/HT214124 (nvd: Release Notes, Vendor Advisory)
- lists.debian.org/debian-lts-announce/2024/09/msg00006.html (nvd)
- support.apple.com/en-us/120908 (nvd)
- support.apple.com/en-us/120909 (nvd)
- support.apple.com/en-us/120911 (nvd)
- support.apple.com/en-us/120913 (nvd)
- support.apple.com/en-us/120914 (nvd)
- support.apple.com/en-us/120915 (nvd)
- support.apple.com/en-us/120916 (nvd)
- support.apple.com/kb/HT214116 (nvd)
- support.apple.com/kb/HT214117 (nvd)
- support.apple.com/kb/HT214119 (nvd)
- support.apple.com/kb/HT214122 (nvd)
- support.apple.com/kb/HT214124 (nvd)
News mentions
0
No linked articles in our index yet.