Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Apple fixes cookie access vulnerability in safari on billions of devices

Apple fixes cookie access vulnerability in safari on billions of devices

2015/04/14

Threatpost - (International) A recent Apple update patched a cookie cross-domain vulnerability in all versions of the Safari Web browser on iOS, OS X, and Windows, that affected up to 1 billion devices, and was a result of the way Safari handled its file transfer protocol (FTP) uniform resource locator (URL) scheme, which could allow attackers to call upon documents to access and modify cookies belonging to Apple.com via JavaScript (JS). The update also patched a proxy manipulation vulnerability in iOS and multiple kernel vulnerabilities in OS X.

Source: https://threatpost.com/apple-fixes-cookie-access-vulnerability-in-safari-on-billions-of-devices/112246

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:04