CVE-2015-3753: Sensitive Information Exposure in Apple iPhone OS

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.6% (top 29.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 16; latest update May 14

Description

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (5 packages)

NVD: apple/safari 6.0 6.2.8 +2
NVD: apple/iphone_os < 8.4.1
Apple: apple/ios 8.4.1
Apple: apple/apple_tv 7.2.1

Vulnerability Details (2)

GHSA: GHSA-4vr7-cqg2-r964: WebKit in Apple Safari before 6 (2022-05-14)
OSV: CVE-2015-3753: WebKit in Apple Safari before 6 (2015-08-16)

Vendor Advisories (3)

Apple: CVE-2015-3753: Apple TV 7.2.1
Apple: CVE-2015-3753: Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
Apple: CVE-2015-3753: iOS 8.4.1