Bypassing Content Security Policy with Video Control and IMG Element in WebKit

Bypassing Content Security Policy with Video Control and IMG Element in WebKit

CVE-2015-3751 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.

Learn more about our Cis Benchmark Audit For Apple Ios.