A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.
The product does not properly verify that the source of data or communication is valid.
Link | Tags |
---|---|
https://support.apple.com/en-us/HT210722 | vendor advisory |