Key vulnerability information

Safari 18.4

CVE-2023-24186:
- Impact: A malicious website may be able to claim WebAuthn credentials from another website that shares a registration.
- Description: The issue was addressed with improved input validation.

CVE-2023-30495:
- Impact: A website may be able to bypass Same Origin Policy.
- Description: The issue was addressed through improved state management.

CVE-2023-24195:
- Impact: Visiting a malicious website may lead to user interface spoofing.
- Description: The issue was addressed with improved UI.

CVE-2023-30497:
- Impact: A website may be able to access sensor information without user consent.
- Description: The issue was addressed with improved checks.

CVE-2023-24197:
- Impact: A download's origin may be incorrectly associated.
- Description: This issue was addressed through improved state management.

Web Extensions

CVE-2023-31864:
- Impact: An app may gain unauthorized access to Local Network.
- Description: This issue was addressed with improved permissions checking.

CVE-2023-24192:
- Impact: Visiting a website may leak sensitive data.
- Description: A script imports issue was addressed with improved isolation.

WebKit

WebKit BugID 230502:
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash.
- Description: The issue was addressed with improved memory handling.

CVE-2023-24204:
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
- Description: A buffer overflow issue was addressed with improved memory handling.

WebKit BugID 230838:
- Impact: Loading a malicious iframe may lead to a cross-site scripting attack.
- Description: A permissions issue was addressed with additional restrictions.

WebKit BugID 230543:
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash.
- Description: A use-after-free issue was addressed with improved memory management.

WebKit BugID 230836:
- Impact: A malicious website may be able to track users in Safari private browsing mode.
- Description: The issue was addressed through improved state management.