![]() Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPSĭescription: A certificate validation issue existed in the handling of WKWebView. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version.ĭescription: A memory corruption issue was addressed through improved state management. ![]() Impact: A malicious website may be able to access non-HTTP servicesĭescription: Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. ![]() This was addressed though additional ownership checks.ĭescription: Multiple memory corruption issues were addressed through improved memory handling.ĬVE-2016-4759: Tongbo Luo of Palo Alto NetworksĬVE-2016-4762: Zheng Huang of Baidu Security LabĬVE-2016-4768: Anonymous working with Trend Micro's Zero Day Initiative Impact: Visiting a maliciously crafted website may leak sensitive dataĭescription: A permissions issue existed in the handling of the location variable. This was addressed through improved validation. Impact: Processing maliciously crafted web content may lead to arbitrary code executionĭescription: A parsing issue existed in the handling of error prototypes.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |