The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.6. A website may be able to bypass Same Origin Policy.

Related CVEs

CVE-2023-38572

Key Information

GHSA ID

GHSA-qfg5-2446-wqxx

Published

July 27, 2023 3:30 AM

Last Modified

January 5, 2024 3:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 23, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.