Arbitrary File Read Vulnerability in WebKit
CVE-2014-1297 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.
Learn more about our Cis Benchmark Audit For Safari Browser.