Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Safari: Malicious websites may access sensitive browser data
CVE-2026-28861
Summary
A logic issue in Safari and other Apple operating systems allowed malicious websites to access sensitive browser data that was intended for other websites. This has been fixed in the latest updates, so make sure to update your software as soon as possible. Updating will help protect your users' sensitive information from unauthorized access.
Original title
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious ...
Original description
A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins.
Published: 25 Mar 2026 · Updated: 25 Mar 2026 · First seen: 25 Mar 2026