Apple · Webkit · CVE-2015-5828
**Name of the Vulnerable Software and Affected Versions**
Apple Safari versions prior to 9
**Description**
The issue concerns the API in the WebKit Plug-ins component, which fails to notify plugins of HTTP Redirection status codes. This allows remote attackers to bypass intended request restrictions by crafting a specific web site. The vulnerability exists due to insufficient input validation, enabling a remote attacker to circumvent existing request restrictions using a specially formed web site.
**Recommendations**
For Apple Safari versions prior to 9, update to version 9 or later to resolve the issue.