CCE-50334-2
Platform: cpe:/o:apple:mac_os_14 | Date: (C)2024-01-24 (M)2024-01-24
Apple uses the Google Safe Browsing API to check for fraudulent websites and report them to the user attempting to visit one.
Rationale: Attackers use crafted web pages to socially engineer users into loading unwanted content. Warning users before the content loads improves security.
Impact: Once-compromised websites serving malware could be sanitized and remain in the database, though there is no widespread reporting of that risk.
Remediation:
Profile Method:
Create or edit a configuration profile with the following information:
1. The PayloadType string is com.apple.Safari
2. The key to include is WarnAboutFraudulentWebsites
3. The key must be set to: <true/>
Parameter:
[Yes/No]
Technical Mechanism:
Remediation:
Profile Method:
Create or edit a configuration profile with the following information:
1. The PayloadType string is com.apple.Safari
2. The key to include is WarnAboutFraudulentWebsites
3. The key must be set to: <true/>
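A check for the profile settings listed above, added here as an example and not part of the CCE record or any Apple tooling. It assumes an unsigned profile supplied as plist bytes; `make_profile`, `audit_profile`, and all identifiers and UUIDs in the sample profiles are constructed for illustration.

```python
import plistlib

SAFARI_TYPE = "com.apple.Safari"
KEY = "WarnAboutFraudulentWebsites"

def make_profile(safari_settings):
    """Build a constructed, unsigned profile (identifiers and UUIDs are sample values)."""
    payload = {
        "PayloadType": SAFARI_TYPE,
        "PayloadIdentifier": "com.example.safari.fraudwarning",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadVersion": 1,
        **safari_settings,
    }
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    })

def audit_profile(data):
    """Return (compliant, reason) for an unsigned profile given as plist bytes."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # malformed input, or a signed profile still in its CMS wrapper
        return False, f"unparseable profile: {exc}"
    content = profile.get("PayloadContent", []) if isinstance(profile, dict) else []
    if not isinstance(content, list):
        content = []
    safari = [p for p in content
              if isinstance(p, dict) and p.get("PayloadType") == SAFARI_TYPE]
    if not safari:
        return False, "no com.apple.Safari payload"
    for p in safari:
        if KEY not in p:
            return False, f"{KEY} missing"
        # The value must be the plist boolean <true/>; the string "true" or 1 fails.
        if p[KEY] is not True:
            return False, f"{KEY} is {p[KEY]!r}, expected <true/>"
    return True, "ok"

if __name__ == "__main__":
    for label, settings in [("compliant", {KEY: True}), ("disabled", {KEY: False}),
                            ("string value", {KEY: "true"}), ("key absent", {})]:
        print(label, audit_profile(make_profile(settings)))
```
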
| CCSS Severity | | CCSS Metrics | |
|---|---|---|---|
| CCSS Score | 8.8 | Attack Vector | NETWORK |
| Exploit Score | 2.8 | Attack Complexity | LOW |
| Impact Score | 5.9 | Privileges Required | NONE |
| Severity | HIGH | User Interaction | REQUIRED |
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Scope | UNCHANGED |
| | | Confidentiality | HIGH |
| | | Integrity | HIGH |
| | | Availability | HIGH |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97010 |