OSVDB ID: 84209

Title: WebKit File URL Handling Sandbox Bypass Arbitrary File Access Weakness

Info

Disclosure

Jul 25, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 25, 2012

Description

WebKit contains a flaw related to the handling of 'file://' URLs. This may allow a context-dependent attacker to bypass sandbox restrictions and gain access to potentially sensitive files.

Classification

Location: Context Dependent
Impact: Loss of Confidentiality
Solution: Third-Party Solution
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Vuln Dependent, Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability. Upgrade to Apple Safari version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc.

Safari

5.1.7

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84209