The Common Vulnerabilities and Exposures (CVE) database has reported a vulnerability identified as CVE-2023-38572, which allows a website to bypass the Same-Origin Policy (SOP), a crucial security mechanism present in modern web browsers. Apple has recently released patches for this vulnerability, providing improved security checks in its software updates for iOS, iPadOS, tvOS, macOS Ventura, Safari, and watchOS.

Exploit Details

The vulnerability aims to exploit the Same-Origin Policy, which is a security policy implemented in web browsers to ensure that web pages from one origin can only access resources from the same origin. This policy prevents malicious code from accessing sensitive data stored in a browser across different origins.

The exploit allows a website to bypass the Same-Origin Policy, potentially leading to unauthorized access to user data stored in the browser by another website. This can result in numerous security risks, including personal information leaks, or attacks on web applications running on the affected device.

The entry in the CVE database can be found here

Code Snippet

The actual code demonstrating this exploit is undisclosed to protect user privacy. However, a simplified version of a code snippet that illustrates the principle behind this vulnerability might look like this:

// Origin A
var data = "Sensitive data";
localStorage.setItem("sensitiveData", data);

// Origin B
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function () {
  if (this.readyState == 4 && this.status == 200) {
    console.log("Accessed sensitive data from Origin A:");
};"GET", "";, true);
xhr.withCredentials = true;

Apple's Security Updates

To fix this vulnerability, Apple has made improvements to its security checks present in browsers, assuring that the Same-Origin Policy is adequately enforced. This fix is available in the following software versions:

watchOS 9.6

To ensure the security of your information and online activities, it is highly recommended that you promptly update your Apple devices to these latest software versions.


The CVE-2023-38572 vulnerability sheds light on the importance of the Same-Origin Policy in preserving the security of websites and user information. Apple's latest software updates have addressed the issue, to prevent any potential abuses of this policy. Users should take appropriate steps to maintain their device security by keeping software up-to-date and reporting any suspicious activities or concerns to the appropriate authorities.


Published on: 07/27/2023 01:15:36 UTC
Last modified on: 08/18/2023 03:15:15 UTC