OSVDB ID: 84214

Title: Apple Safari feed: URL Handling Arbitrary File Access

Info

Disclosure

Jul 25, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 25, 2012

Description

Apple Safari contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program fails to properly handle the feed: URL feature, which will allow a context-dependent attacker to upload arbitrary files from the target's computer to a server of their choice.

Classification

Location: Context Dependent
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc.

Safari

5.1.7

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84214