PT-2015-6258 · Apple+3 · Safari+4

Peter Rutenbar

·

Published

2015-07-01

·

Updated

2024-06-15

·

CVE-2015-3659

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 6.2.7 Apple Safari versions 7.x prior to 7.1.7 Apple Safari versions 8.x prior to 8.0.7
Description The issue is related to the SQLite authorizer in the Storage functionality in WebKit, which does not properly restrict access to SQL functions. This allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site.
Recommendations For Apple Safari versions prior to 6.2.7, update to version 6.2.7 or later. For Apple Safari versions 7.x prior to 7.1.7, update to version 7.1.7 or later. For Apple Safari versions 8.x prior to 8.0.7, update to version 8.0.7 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2016-1245
ALT-PU-2016-1315
CVE-2015-3659
MGASA-2016-0116
MGASA-2016-0120
OPENSUSE-SU-2024:10461-1
USN-2937-1
ZDI-15-291

Affected Products

Alt Linux
Sqlite
Safari
Ubuntu
Webkit