CVE-2015-3753

Name of the Vulnerable Software and Affected Versions Safari versions prior to 6.2.8 Safari versions 7.x prior to 7.1.8 Safari versions 8.x prior to 8.0.8 iOS versions prior to 8.4.1

Description The issue is related to the WebKit component in Safari and iOS, which does not properly perform taint checking for CANVAS elements. This allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource. The vulnerability is associated with a lack of protection for internal data, which can be exploited by a remote attacker to bypass existing access restrictions and gain access to protected information.

Recommendations For Safari versions prior to 6.2.8, update to version 6.2.8 or later. For Safari versions 7.x prior to 7.1.8, update to version 7.1.8 or later. For Safari versions 8.x prior to 8.0.8, update to version 8.0.8 or later. For iOS versions prior to 8.4.1, update to version 8.4.1 or later.