CVE-2014-4465: Input Validation
First published: Wed Dec 10 2014(Updated: )
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <=7.0.1 | |
| Apple iPhone OS | <=8.1.2 | |
| Apple Safari | <=6.2.0 | |
| Apple Safari | =7.1.0 | |
| Apple Safari | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html
- http://support.apple.com/HT204245
- http://support.apple.com/HT204246
- http://support.apple.com/kb/HT6596
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/tvos
- version/tvos/7.0.1
- canonical/apple iphone os
- version/apple iphone os/8.1.2
- canonical/apple safari
- version/apple safari/6.2.0
- version/apple safari/7.1.0
- version/apple safari/8.0.0