CNNVD-202512-3210 Information
CNNVD ID
CNNVD-202512-3210
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Apple Safari和Apple macOS都是美国苹果(Apple)公司的产品。Apple Safari是一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。Apple macOS是一套专为Mac计算机所开发的专用操作系统。 Apple macOS Tahoe 26.2之前版本和Apple Safari 26.2之前版本存在安全漏洞,该漏洞源于URL验证不当,可能导致在启用锁定模式的Mac上,通过文件URL打开的Web内容使用本应受限的Web API。
Description (English)
Apple Safari and Apple MacOS are products of Apple. Apple Safari is a Web browser, a default browser attached to Mac OS X and iOS operating systems. Apple MacOS is a dedicated operating system developed for Mac computers. There is a security loophole in previous versions of Apple MacOS Tahoe 26.2 and in previous versions of Apple Safari 26.2, which stems from the inappropriate verification of URLs, which may lead to the use of Web API, which should have been restricted to Web API on the Mac that enabled the locking mode, open through URL.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
苹果
Published
2025-12-17
Last Modified
2026-02-24
References
https://support.apple.com/en-us/125886 https://support.apple.com/en-us/125892 https://access.redhat.com/security/cve/cve-2025-43526
Patch
https://support.apple.com/en-us/125886
Share on: