Arbitrary File Read Vulnerability in WebKit

Arbitrary File Read Vulnerability in WebKit

CVE-2014-1297 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.

Learn more about our Cis Benchmark Audit For Safari Browser.