First published: Fri Jul 03 2015(Updated: )
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <=8.3 | |
Apple Mac OS X | <=10.10.3 | |
Apple Safari | <=6.2.6 | |
Apple Safari | =7.0 | |
Apple Safari | =7.0.1 | |
Apple Safari | =7.0.2 | |
Apple Safari | =7.0.3 | |
Apple Safari | =7.0.4 | |
Apple Safari | =7.0.5 | |
Apple Safari | =7.0.6 | |
Apple Safari | =7.1.0 | |
Apple Safari | =7.1.1 | |
Apple Safari | =7.1.2 | |
Apple Safari | =7.1.3 | |
Apple Safari | =7.1.4 | |
Apple Safari | =7.1.5 | |
Apple Safari | =7.1.6 | |
Apple Safari | =8.0 | |
Apple Safari | =8.0.1 | |
Apple Safari | =8.0.2 | |
Apple Safari | =8.0.3 | |
Apple Safari | =8.0.4 | |
Apple Safari | =8.0.5 | |
Apple Safari | =8.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.