The XSS auditor in WebKit, as used in Apple iOS prior to 9.3 and Safari prior to 9.1, does not properly handle redirects in block mode, which allows remote malicious users to obtain sensitive information via a crafted URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple safari |
||
apple iphone os |