PT-2014-4043 · Apple · Safari+2
Graham Bennett
+1
·
Publicado
2014-02-27
·
Atualizado
2014-02-27
·
CVE-2014-1257
CVSS v2.0
3.6
Baixa
| Vetor | AV:L/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Apple OS X versions through 10.8.5
Description
The issue concerns CFNetwork in Apple OS X, where session cookies are not removed when the Safari browser is reset. This allows physically proximate attackers to bypass access restrictions by exploiting an unattended workstation.
Recommendations
For Apple OS X versions through 10.8.5, manually clear session cookies after resetting Safari to prevent unauthorized access.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cfnetwork
Os X
Safari