Impact: Visiting a malicious website may lead to unintended dialing
Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs.

Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements
Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution.
CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab

Impact: An attacker may be able to create unintended cookies for a website
Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing.
CVE-2015-3801 : Erling Ellingsen of Facebook

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

Impact: Partially loaded images may exfiltrate data across origins
Description: A race condition existed in validation of image origins. This issue was addressed by improved validation of resource origins.

Impact: Navigating to the IP address of a known malicious website may not trigger a security warning
Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection.

Impact: Safari extensions may be replaced on disk
Description: A validated, user-installed Safari extension could be replaced on disk without prompting the user. This issue was addressed by improved validation of extensions.

Impact: Local communication between Safari extensions and companion apps may be compromised
Description: The local communication between Safari extensions such as password managers and their native companion apps could be compromised by another native app. This issue was addressed through a new, authenticated communications channel between Safari extensions and companion apps.

Impact: LaunchServices' quarantine history may reveal browsing history
Description: Access to LaunchServices' quarantine history may have revealed browsing history based on file downloads. This issue was addressed through improved deletion of quarantine history.

Impact: Visiting a malicious website may lead to user interface spoofing
Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic.
CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa

Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11
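
The Performance API entry above (CVE-2015-5825) says the leak was addressed by limiting time resolution. The following is an added example, not Apple's or WebKit's code, that models why a coarser clock hides most small timing differences and where a difference can still show. The timings are constructed, and the 1 ms clamp is an assumed value chosen for illustration, not the resolution Safari uses.

```javascript
// Added illustration: all timings are constructed, in integer microseconds.
// COARSE_US is an assumed clamp for demonstration, not Safari's actual value.
const FINE_US = 1;      // unclamped, microsecond-level clock
const COARSE_US = 1000; // clamped clock (assumed 1 ms)

// Round a timestamp down to the clock's resolution.
function coarsen(tUs, resolutionUs) {
  return tUs - (tUs % resolutionUs);
}

// An interval as script observes it: both clock reads are coarsened,
// so the result is always a multiple of the resolution.
function measured(startUs, durationUs, resolutionUs) {
  return coarsen(startUs + durationUs, resolutionUs) -
         coarsen(startUs, resolutionUs);
}

// Constructed samples: one operation whose duration depends on hidden state
// (fast vs slow), started at different offsets inside a clock tick.
const samples = [
  { start: 10100, fast: 50, slow: 300 },
  { start: 20400, fast: 40, slow: 250 },
  { start: 30900, fast: 60, slow: 350 }, // slow case crosses a tick boundary
  { start: 40200, fast: 30, slow: 200 },
];

// Count samples where the two states yield different observed intervals.
function distinguishableCount(list, resolutionUs) {
  return list.filter((s) =>
    measured(s.start, s.fast, resolutionUs) !==
    measured(s.start, s.slow, resolutionUs)
  ).length;
}

console.log("fine clock:  ", distinguishableCount(samples, FINE_US), "of", samples.length);
console.log("coarse clock:", distinguishableCount(samples, COARSE_US), "of", samples.length);
```

The one sample that remains distinguishable under the coarse clock is the one whose slow interval crosses a tick boundary, which is why reduced resolution lowers the signal rather than removing it.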