First published: Sun Jun 19 2016(Updated: )
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Safari | <=9.0.3 | |
Apple iPhone OS | <=9.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.