CVE-2015-3729 — Apple Safari vulnerability

CWE-2544 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 29.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Apple IOS Apple Safari 8.0.8 Safari 7.1.8 AND Safari

Timeline

PublishedAug 16

Latest updateMay 14

Description

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDapple/safari6.0 — 6.2.8+2

▶Appleapple/safari_8.0.8_safari_7.1.8_and_safari6.2.8

▶Appleapple/ios8.4.1

🔴Vulnerability Details

GHSA

GHSA-fw58-f9hm-xghp: Apple Safari before 6↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2015-3729: iOS 8.4.1↗

▶

Apple

CVE-2015-3729: Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8↗

▶