
Safari < 6.2.7 / 7.1.7 / 8.0.7 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

Versions of Safari prior to 6.2.7 / 7.1.7 / 8.0.7 are reportedly affected by the following vulnerabilities:

- A flaw exists in WebKit Page Loading due to the Origin request header being preserved for cross-origin redirects. A remote attacker can exploit this, via a specially crafted web page, to circumvent cross-site request forgery (XSRF) protections. (CVE-2015-3658)

- A flaw exists in the WebKit Storage's SQLite authorizer due to insufficient comparison. A remote attacker can exploit this, via a specially crafted web page, to invoke arbitrary SQL functions, resulting in a denial of service condition or executing arbitrary code. (CVE-2015-3659)

- An information disclosure vulnerability exists in WebKit PDF due to improper restrictions, related to JavaScript execution, of links embedded in PDF files. A remote attacker can exploit this, via a specially crafted PDF file, to disclose sensitive information from the file system, including cookies. (CVE-2015-3660)

- An information disclosure vulnerability exists in WebKit due to improper restrictions on renaming WebSQL tables. A remote attacker can exploit this, via a specially crafted website, to access WebSQL databases belonging to other websites. (CVE-2015-3727)

Solution

Upgrade to Safari 6.2.7 / 7.1.7 / 8.0.7 or later.
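
An added example (not part of this advisory or of any scanner's plugin code): a branch-aware check of an installed Safari version against the three fixed releases named above, since a single comparison against 8.0.7 would wrongly flag a patched 7.1.7. The host names and inventory are constructed, and treating branches newer than 8.x as unaffected is an assumption drawn from the "or later" wording.

```python
import re

# Fixed release for each affected branch, taken from the advisory title.
FIXED = {6: (6, 2, 7), 7: (7, 1, 7), 8: (8, 0, 7)}


def parse_version(text):
    """Turn '8.0.10' into (8, 0, 10); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        raise ValueError(f"not a dotted version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version_text):
    """Return True if this Safari version predates the fix for its branch."""
    version = parse_version(version_text)
    major = version[0]
    if major < min(FIXED):
        return True   # older than the 6.x branch, so prior to 6.2.7
    if major > max(FIXED):
        return False  # assumption: branches after 8.x already carry the fixes
    # Tuple comparison is numeric per component, so 8.0.10 sorts after 8.0.7
    # (a plain string comparison would get that wrong).
    return version < FIXED[major]


def affected_hosts(inventory):
    """Given {host: safari_version}, return the hosts that still need the upgrade."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "mac-lab-01": "8.0.6",
    "mac-lab-02": "8.0.7",
    "mac-lab-03": "7.1.7",
    "mac-lab-04": "7.1.6",
    "mac-lab-05": "6.2.8",
    "mac-lab-06": "8.0.10",
    "mac-lab-07": "5.1.10",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Safari {SAMPLE_INVENTORY[host]} needs upgrading")
```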