Routing Issue in Safari Affects Apple Devices with Private Relay
CVE-2024-44246

5.3MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS; iPad OS; iOS And iPad OS; Safari
Vendor: CVE Published:; 12 December 2024

Summary

A routing issue within Safari has been discovered, specifically impacting Apple devices with Private Relay enabled. When a user adds a website to the Safari Reading List, this flaw may inadvertently expose the user's originating IP address to the website, compromising user privacy and security. This issue has been addressed in the latest updates, ensuring that user data remains protected.

Affected Version(s)

iOS and iPadOS < 18.2

iPadOS < 17.7

macOS < 15.2

References

https://support.apple.com/en-us/121839

https://support.apple.com/en-us/121838

https://support.apple.com/en-us/121837

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2024