Reconnecting to live updates…

CVE-2024-44246: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website in Apple macOS

Medium

VulnerabilityCVE-2024-44246cve cve-2024-44246

Published: Wed Dec 11 2024 (12/11/2024, 22:58:24 UTC)

Source: CVE Database V5

Vendor/Project: Apple

Product: macOS

Description

The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website.

Technical Details

Data Version: 5.2
Assigner Short Name: apple
Date Reserved: 2024-08-20T21:45:40.785Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 690929a7fe7723195e0fd564

Added to database: 11/3/2025, 10:16:07 PM

Last updated: 11/3/2025, 10:23:02 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2024-4032: Vulnerability in Python Software Foundation CPython

High

VulnerabilityMon Nov 03 2025

CVE-2024-40867: A remote attacker may be able to break out of Web Content sandbox in Apple iOS and iPadOS

High

VulnerabilityMon Nov 03 2025

CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing in Apple macOS

Medium

VulnerabilityMon Nov 03 2025

CVE-2024-40855: A sandboxed app may be able to access sensitive user data in Apple macOS

Medium

VulnerabilityMon Nov 03 2025

CVE-2024-40851: An attacker with physical access may be able to access contact photos from the lock screen in Apple iOS and iPadOS

Low

VulnerabilityMon Nov 03 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Reference 3 Reference 4 Reference 5 Reference 6 Reference 7 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2024-44246: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website in Apple macOS

CVE-2024-44246: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website in Apple macOS

Description

Technical Details

Community Reviews

Related Threats

CVE-2024-4032: Vulnerability in Python Software Foundation CPython

CVE-2024-40867: A remote attacker may be able to break out of Web Content sandbox in Apple iOS and iPadOS

CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing in Apple macOS

CVE-2024-40855: A sandboxed app may be able to access sensitive user data in Apple macOS

CVE-2024-40851: An attacker with physical access may be able to access contact photos from the lock screen in Apple iOS and iPadOS

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility