Brad Hill

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.2.7 Apple Safari versions 7.x prior to 7.1.7 Apple Safari versions 8.x prior to 8.0.7 **Description** The issue arises from the Page Loading functionality in WebKit, which does not properly handle redirects when deciding to send an Origin header. This oversight allows remote attackers to bypass CSRF protection mechanisms by crafting a malicious web site. **Recommendations** For Apple Safari versions prior to 6.2.7, update to version 6.2.7 or later. For Apple Safari versions 7.x prior to 7.1.7, update to version 7.1.7 or later. For Apple Safari versions 8.x prior to 8.0.7, update to version 8.0.7 or later.