WebKit in Apple Safari prior to 6.2.8, 7.x prior to 7.1.8, and 8.x prior to 8.0.8, as used in iOS prior to 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote malicious users to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
Vulnerable Product |
---|
apple safari |
apple iphone os |