Systems Affected
Apple Safari versions prior to 8.0.7
Apple Safari versions prior to 7.1.7
Apple Safari versions prior to 6.2.7
Threat Level
Overview
Multiple vulnerabilities have been reported in the WebKit component of Apple Safari which could allow remote attackers to bypass intended security restrictions, access potentially sensitive information, execute arbitrary code or cause a denial of service (DoS) condition on the affected systems.
Description
1. Cross-Site Request Forgery Vulnerability (CVE-2015-3658)
This vulnerability exists in the page loading functionality due to improper handling of redirects while sending an Origin header. A remote attacker could exploit this vulnerability by enticing users to visit a specially crafted website.
Successful exploitation of this vulnerability could allow the attacker to bypass CSRF protection mechanisms and conduct Cross-Site Request Forgery (CSRF) attacks.
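The defensive lesson of this item is that a server-side CSRF check which trusts the Origin header alone is only as good as the browser that populates it. The following added example (not part of the advisory) shows a request guard that treats Origin as one signal and a session-bound synchronizer token as the independent backstop; the trusted origin, header dictionary and token values are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed allowlist: the origin(s) this application legitimately serves.
TRUSTED_ORIGINS = {"https://app.example.test"}


def generate_csrf_token():
    """Create a per-session token; the server stores it and embeds it in forms."""
    return secrets.token_urlsafe(32)


def origin_of(url):
    """Reduce a full URL (e.g. a Referer value) to its scheme://host[:port] origin."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_csrf_safe(headers, submitted_token, session_token):
    """Return (allowed, reason) for a state-changing request.

    Check 1: the request must carry an Origin (or, failing that, a Referer)
    that resolves to a trusted origin. A missing or "null" Origin is rejected,
    not trusted, because redirect handling in browsers has historically
    produced unreliable Origin values.
    Check 2: the submitted synchronizer token must match the session's token.
    This check does not depend on any request header the browser chose to
    send, so it still holds when check 1 has been fooled.
    """
    origin = headers.get("Origin")
    if origin is None or origin == "null":
        referer = headers.get("Referer")
        if referer is None:
            return False, "no Origin or Referer header"
        origin = origin_of(referer)
    if origin.lower() not in TRUSTED_ORIGINS:
        return False, f"untrusted origin {origin}"
    if not submitted_token or not session_token:
        return False, "missing CSRF token"
    # Constant-time comparison so the check itself does not leak the token.
    if not hmac.compare_digest(submitted_token, session_token):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    token = generate_csrf_token()
    # Constructed sample requests: same-origin with a valid token, and a
    # cross-site request that presents no usable token.
    print(is_csrf_safe({"Origin": "https://app.example.test"}, token, token))
    print(is_csrf_safe({"Origin": "https://other.example.test"}, "", token))
```

The design choice worth noting is the ordering: even if a browser bug sends a same-origin Origin value for a cross-site request, the token check still fails because the attacking page cannot read the victim's token.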
2. Arbitrary Code Execution Vulnerability (CVE-2015-3659)
This vulnerability occurs because the SQLite authorizer in WebKit does not properly restrict access to SQL functions. Successful exploitation of this issue could allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted website.
3. Cross-Site Scripting (XSS) Vulnerability (CVE-2015-3660)
This vulnerability exists in the WebKit PDF functionality due to improper handling of user-supplied input. A remote attacker could exploit this vulnerability by enticing users to load a specially crafted URL in embedded PDF content.
Successful exploitation of this vulnerability could allow remote attackers to inject arbitrary web script or HTML code.
4. Information Disclosure Vulnerability (CVE-2015-3727)
This vulnerability occurs due to improper authorization checks for renaming operations on WebSQL tables. Successful exploitation of this vulnerability could allow remote attackers to access the WebSQL databases of other websites via a specially crafted website.
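Items 2 and 4 both describe the same control failing: an SQLite authorizer that does not fully fence what a page's SQL may do (unrestricted functions in item 2, unchecked table renames in item 4). The following added example (not WebKit's code) shows, using Python's sqlite3 authorizer hook, what a sufficient authorizer looks like: it denies ALTER TABLE outright, allows only an allowlisted set of SQL functions, and confines table access to a per-origin name prefix. The prefixes "a_" and "b_" and the table contents are constructed stand-ins for two different origins.

```python
import sqlite3

# Constructed allowlist of SQL functions a page-controlled query may invoke.
ALLOWED_FUNCTIONS = {"lower", "upper", "length", "count", "max", "min", "sum"}

# Authorizer actions that carry a table name in arg1.
TABLE_ACTIONS = {
    sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
    sqlite3.SQLITE_DELETE, sqlite3.SQLITE_CREATE_TABLE, sqlite3.SQLITE_DROP_TABLE,
}


def make_authorizer(owner_prefix):
    """Build an authorizer callback for a database confined to owner_prefix."""
    def authorize(action, arg1, arg2, db_name, trigger_or_view):
        # Item 4: renames are never authorized, so a table cannot be moved
        # into (or out of) another owner's namespace.
        if action == sqlite3.SQLITE_ALTER_TABLE:
            return sqlite3.SQLITE_DENY
        # Item 2: SQLite passes the function name in arg2; deny anything not allowlisted.
        if action == sqlite3.SQLITE_FUNCTION:
            name = (arg2 or "").lower()
            return sqlite3.SQLITE_OK if name in ALLOWED_FUNCTIONS else sqlite3.SQLITE_DENY
        # Table-level access: only the owner's own tables, plus SQLite's internal
        # schema tables, which CREATE TABLE has to touch.
        if action in TABLE_ACTIONS and arg1:
            if not (arg1.startswith(owner_prefix) or arg1.startswith("sqlite_")):
                return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    return authorize


def try_sql(conn, sql):
    """Run sql under the authorizer; report ('ok', rows) or ('denied', message)."""
    try:
        return ("ok", conn.execute(sql).fetchall())
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))


def demo():
    """Exercise the authorizer against constructed data; returns a result map."""
    conn = sqlite3.connect(":memory:")
    # Created before the authorizer is installed: a table owned by another origin.
    conn.execute("CREATE TABLE b_secrets (token TEXT)")
    conn.execute("INSERT INTO b_secrets VALUES ('other-origin-data')")
    conn.set_authorizer(make_authorizer("a_"))

    results = {}
    results["create_own"] = try_sql(conn, "CREATE TABLE a_users (name TEXT)")[0]
    results["insert_own"] = try_sql(conn, "INSERT INTO a_users VALUES ('Alice')")[0]
    results["allowed_fn"] = try_sql(conn, "SELECT lower(name) FROM a_users")
    results["blocked_fn"] = try_sql(conn, "SELECT hex(name) FROM a_users")[0]
    results["rename_own"] = try_sql(conn, "ALTER TABLE a_users RENAME TO b_users")[0]
    results["rename_foreign"] = try_sql(conn, "ALTER TABLE b_secrets RENAME TO a_mine")[0]
    results["read_foreign"] = try_sql(conn, "SELECT token FROM b_secrets")[0]
    conn.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} {outcome}")
```

The authorizer runs at statement-preparation time, so a denied statement never executes; that is why the rename of b_secrets is refused before any schema change happens, which is the property item 4 says WebKit's check lacked.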
Impact
Solution/ Workarounds
✻ Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.
References
http://www.cert-in.org.in/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.