Taint Checking Bypass in WebKit for Apple Safari

Taint Checking Bypass in WebKit for Apple Safari

CVE-2015-3753 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.

Learn more about our Cis Benchmark Audit For Apple Ios.