CVE-2015-3754

Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 6.2.8 Apple Safari versions 7.x prior to 7.1.8 Apple Safari versions 8.x prior to 8.0.8

Description The issue is related to the private-browsing implementation in WebKit, which does not prevent caching of HTTP authentication credentials. This makes it easier for remote attackers to track users via a crafted web site. The vulnerability in the WebKit component of the Safari browser is associated with a lack of protection for service data, allowing a remote attacker to track user actions using a specially formed website.

Recommendations For Apple Safari versions prior to 6.2.8, update to version 6.2.8 or later. For Apple Safari versions 7.x prior to 7.1.8, update to version 7.1.8 or later. For Apple Safari versions 8.x prior to 8.0.8, update to version 8.0.8 or later.