CVE-2015-3751

Name of the Vulnerable Software and Affected Versions Safari versions prior to 6.2.8 Safari versions 7.x prior to 7.1.8 Safari versions 8.x prior to 8.0.8 iOS versions prior to 8.4.1

Description The issue allows remote attackers to bypass a Content Security Policy protection mechanism. This can be achieved by using a video control in conjunction with an IMG element within an OBJECT element. The vulnerability is related to errors in security settings, which can be exploited by a remote attacker to bypass access restriction rules using embedded video content management mechanisms.

Recommendations For Safari versions prior to 6.2.8, update to version 6.2.8 or later. For Safari versions 7.x prior to 7.1.8, update to version 7.1.8 or later. For Safari versions 8.x prior to 8.0.8, update to version 8.0.8 or later. For iOS versions prior to 8.4.1, update to version 8.4.1 or later.