Apple Safari Security Issue and Multiple Vulnerabilities
Last Update Date:
19 Sep 2014 16:40
Release Date:
19 Sep 2014
4372
Views
RISK: Medium Risk
TYPE: Clients - Browsers
A security issue and multiple vulnerabilities have been identified in Apple Safari, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
- The application does not properly restrict password autofill functionality for untrusted websites, which can be exploited to disclose saved passwords via e.g. Man-in-the-Middle (MitM) attacks.
- A use-after-free error exists when handling SVG images.
- Multiple unspecified errors exist in WebKit, which can be exploited to cause memory corruption.
Note: Additionally a weakness related to HTML 5 cache data access when using private browsing exists.
Impact
- Information Disclosure
System / Technologies affected
- Versions prior to 6.2 and 7.1.
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 6.2 or 7.1.
Vulnerability Identifier
- CVE-2013-6663
- CVE-2014-4363
- CVE-2014-4410
- CVE-2014-4411
- CVE-2014-4412
- CVE-2014-4413
- CVE-2014-4414
- CVE-2014-4415
Source
Related Link
Share with