Taint Checking Bypass in WebKit for Apple Safari
CVE-2015-3753 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
Learn more about our Cis Benchmark Audit For Apple Ios.