Skip to main content

Apple Safari Security Issue and Multiple Vulnerabilities

Last Update Date: 19 Sep 2014 16:40 Release Date: 19 Sep 2014 4372 Views

RISK: Medium Risk

TYPE: Clients - Browsers

TYPE: Browsers

A security issue and multiple vulnerabilities have been identified in Apple Safari, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.

  1. The application does not properly restrict password autofill functionality for untrusted websites, which can be exploited to disclose saved passwords via e.g. Man-in-the-Middle (MitM) attacks.
  2. A use-after-free error exists when handling SVG images.
  3. Multiple unspecified errors exist in WebKit, which can be exploited to cause memory corruption.

Note: Additionally a weakness related to HTML 5 cache data access when using private browsing exists.


Impact

  • Information Disclosure

System / Technologies affected

  • Versions prior to 6.2 and 7.1.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 6.2 or 7.1.

Vulnerability Identifier


Source


Related Link