vulnerability

OS X update for Safari (CVE-2023-40417)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Sep 28, 2023	Sep 28, 2023	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Sep 28, 2023

Added

Sep 28, 2023

Modified

Mar 27, 2026

Description

A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing.

Solution

apple-osx-upgrade-14

References

CVE-2023-40417
https://attackerkb.com/topics/CVE-2023-40417
EUVD-EUVD-2023-44988
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-44988
https://support.apple.com/kb/HT213940

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report