First published: Thu Sep 20 2012(Updated: )
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | ||
Apple Safari | <=6.0 | |
Apple Safari | =1.0 | |
Apple Safari | =1.0-beta | |
Apple Safari | =1.0-beta2 | |
Apple Safari | =1.0.0 | |
Apple Safari | =1.0.0b1 | |
Apple Safari | =1.0.0b2 | |
Apple Safari | =1.0.1 | |
Apple Safari | =1.0.2 | |
Apple Safari | =1.0.3 | |
Apple Safari | =1.0.3-85.8 | |
Apple Safari | =1.0.3-85.8.1 | |
Apple Safari | =1.0b1 | |
Apple Safari | =1.1 | |
Apple Safari | =1.1.0 | |
Apple Safari | =1.1.1 | |
Apple Safari | =1.2 | |
Apple Safari | =1.2.0 | |
Apple Safari | =1.2.1 | |
Apple Safari | =1.2.2 | |
Apple Safari | =1.2.3 | |
Apple Safari | =1.2.4 | |
Apple Safari | =1.2.5 | |
Apple Safari | =1.3 | |
Apple Safari | =1.3.0 | |
Apple Safari | =1.3.1 | |
Apple Safari | =1.3.2 | |
Apple Safari | =1.3.2-312.5 | |
Apple Safari | =1.3.2-312.6 | |
Apple Safari | =2 | |
Apple Safari | =2.0 | |
Apple Safari | =2.0.0 | |
Apple Safari | =2.0.1 | |
Apple Safari | =2.0.2 | |
Apple Safari | =2.0.3 | |
Apple Safari | =2.0.3-417.8 | |
Apple Safari | =2.0.3-417.9 | |
Apple Safari | =2.0.3-417.9.2 | |
Apple Safari | =2.0.3-417.9.3 | |
Apple Safari | =2.0.4 | |
Apple Safari | =2.0.4 | |
Apple Safari | =3 | |
Apple Safari | =3.0 | |
Apple Safari | =3.0.0 | |
Apple Safari | =3.0.0 | |
Apple Safari | =3.0.0b | |
Apple Safari | =3.0.0b | |
Apple Safari | =3.0.1 | |
Apple Safari | =3.0.1 | |
Apple Safari | =3.0.1-beta | |
Apple Safari | =3.0.1b | |
Apple Safari | =3.0.1b | |
Apple Safari | =3.0.2 | |
Apple Safari | =3.0.2 | |
Apple Safari | =3.0.2b | |
Apple Safari | =3.0.2b | |
Apple Safari | =3.0.3 | |
Apple Safari | =3.0.3 | |
Apple Safari | =3.0.3b | |
Apple Safari | =3.0.3b | |
Apple Safari | =3.0.4 | |
Apple Safari | =3.0.4 | |
Apple Safari | =3.0.4b | |
Apple Safari | =3.0.4b | |
Apple Safari | =3.1.0 | |
Apple Safari | =3.1.0 | |
Apple Safari | =3.1.0b | |
Apple Safari | =3.1.0b | |
Apple Safari | =3.1.1 | |
Apple Safari | =3.1.1b | |
Apple Safari | =3.1.2 | |
Apple Safari | =3.1.2b | |
Apple Safari | =3.2.0 | |
Apple Safari | =3.2.0b | |
Apple Safari | =3.2.1 | |
Apple Safari | =3.2.1b | |
Apple Safari | =3.2.2 | |
Apple Safari | =3.2.2b | |
Apple Safari | =4.0 | |
Apple Safari | =4.0-beta | |
Apple Safari | =4.0.0b | |
Apple Safari | =4.0.1 | |
Apple Safari | =4.0.2 | |
Apple Safari | =4.0.3 | |
Apple Safari | =4.0.4 | |
Apple Safari | =4.0.5 | |
Apple Safari | =4.1 | |
Apple Safari | =4.1.1 | |
Apple Safari | =4.1.2 | |
Apple Safari | =5.0 | |
Apple Safari | =5.0.1 | |
Apple Safari | =5.0.2 | |
Apple Safari | =5.0.4 | |
Apple Safari | =5.0.5 | |
Apple Safari | =5.0.6 | |
Apple Safari | =5.1 | |
Apple Safari | =5.1.1 | |
Apple Safari | =5.1.2 | |
Apple Safari | =5.1.3 | |
Apple Safari | =5.1.4 | |
Apple Safari | =5.1.5 | |
Apple Safari | =5.1.6 | |
Apple Safari | =5.1.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-3714 is rated as a high severity vulnerability due to its potential to expose sensitive information.
To fix CVE-2012-3714, users should update to Apple Safari version 6.0.1 or later.
CVE-2012-3714 allows remote attackers to craft malicious websites that can retrieve the user's Me card from their Address Book.
CVE-2012-3714 affects all versions of Apple Safari before 6.0.1.
Yes, user data is at risk as remote attackers can gain access to personal information stored in the Address Book.