Zachary Durber

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.2.6 Apple Safari versions 7.x prior to 7.1.6 Apple Safari versions 8.x prior to 8.0.6 **Description** The issue concerns the page-loading implementation in WebKit, which does not properly handle the rel attribute in an A element. This allows remote attackers to bypass the Same Origin Policy for a link's target and spoof the user interface via a crafted web site. **Recommendations** For Apple Safari versions prior to 6.2.6, update to version 6.2.6 or later. For Apple Safari versions 7.x prior to 7.1.6, update to version 7.1.6 or later. For Apple Safari versions 8.x prior to 8.0.6, update to version 8.0.6 or later.