CVE-2015-1127: Infoleak
First published: Fri Apr 10 2015(Updated: )
The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | <=6.2.4 | |
| Apple Safari | =7.0 | |
| Apple Safari | =7.0.1 | |
| Apple Safari | =7.0.2 | |
| Apple Safari | =7.0.3 | |
| Apple Safari | =7.0.4 | |
| Apple Safari | =7.0.5 | |
| Apple Safari | =7.0.6 | |
| Apple Safari | =7.1.0 | |
| Apple Safari | =7.1.1 | |
| Apple Safari | =7.1.2 | |
| Apple Safari | =7.1.3 | |
| Apple Safari | =7.1.4 | |
| Apple Safari | =8.0.0 | |
| Apple Safari | =8.0.1 | |
| Apple Safari | =8.0.2 | |
| Apple Safari | =8.0.3 | |
| Apple Safari | =8.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-1127?
CVE-2015-1127 has been rated as a medium severity vulnerability due to the potential exposure of sensitive browsing history.
How do I fix CVE-2015-1127?
To fix CVE-2015-1127, upgrade your Apple Safari to version 6.2.5, 7.1.5, or 8.0.5 or later.
What versions of Apple Safari are affected by CVE-2015-1127?
CVE-2015-1127 affects Apple Safari versions before 6.2.5, all 7.x versions before 7.1.5, and all 8.x versions before 8.0.5.
What kind of information can be exposed due to CVE-2015-1127?
CVE-2015-1127 may allow local users to read sensitive information by accessing the browsing history stored in the index.
Is CVE-2015-1127 limited to Safari on specific operating systems?
Yes, CVE-2015-1127 is specifically associated with Apple Safari running on macOS and iOS.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/apple
- canonical/apple safari
- version/apple safari/6.2.4
- version/apple safari/7.0
- version/apple safari/7.0.1
- version/apple safari/7.0.2
- version/apple safari/7.0.3
- version/apple safari/7.0.4
- version/apple safari/7.0.5
- version/apple safari/7.0.6
- version/apple safari/7.1.0
- version/apple safari/7.1.1
- version/apple safari/7.1.2
- version/apple safari/7.1.3
- version/apple safari/7.1.4
- version/apple safari/8.0.0
- version/apple safari/8.0.1
- version/apple safari/8.0.2
- version/apple safari/8.0.3
- version/apple safari/8.0.4