Apple Safari Multiple Vulnerabilities -01 Apr15 (Mac OS X)
CVE-2015-1112, CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124, CVE-2015-1126, CVE-2015-1127, CVE-2015-1128, CVE-2015-1129

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Apple Safari is prone to multiple vulnerabilities.

Risk description

Multiple flaws are due to:
- A flaw in client certificate matching during SSL authentication.
- A flaw in private browsing mode that is triggered when responding to push notification requests.
- A flaw in the loader/icon/IconController.cpp script in WebKit, as URLs visited during private browsing are stored in WebpageIcons.db.
- An unspecified state management issue in Apple Safari.
- A flaw in WebKit that is triggered as user-supplied input is not properly validated.
- A flaw in WebKit that is triggered when handling credentials for FTP URLs.

Successful exploitation will allow an attacker to unexpectedly gain knowledge of sites visited during private browsing, allow a context-dependent attacker to track a user's web traffic and gain access to a user's browsing history, potentially execute arbitrary code, access cross-origin resources, and cause a user's browser history to not be completely purged from history.plist.

Recommendation

Upgrade to Apple Safari version 6.2.5 or 7.1.5 or 8.0.5 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 10, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available