WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
http://www.securityfocus.com/bid/76766
http://www.securitytracker.com/id/1033609
OR
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* versions up to 8.0.8 (inclusive)
OR
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 8.4.1 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89950 | openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340) | Nessus | SuSE Local Security Checks | medium |
8979 | Apple iOS < 9.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high |
8976 | Safari < 9.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
86270 | Mac OS X < 10.11 Multiple Vulnerabilities (GHOST) | Nessus | MacOS X Local Security Checks | critical |
86252 | Mac OS X : Apple Safari < 9.0 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
85987 | Apple iOS < 9.0 Multiple Vulnerabilities | Nessus | Mobile Devices | critical |