CVE-2014-4363

medium

Description

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.

References

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

http://secunia.com/advisories/61306

https://exchange.xforce.ibmcloud.com/vulnerabilities/96075

http://support.apple.com/kb/HT6440

http://support.apple.com/kb/HT6441

http://www.securitytracker.com/id/1030866

Details

Published: 2014-09-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium