Apple Safari version 8.0.8 was prone to a URI spoofing vulnerability.
56f1ab6b2010771a579cb4098d64865d5cac498ada576c8588d66d4a3b85e943tl;dr Apple Safari for OS X was prone to URI spoofing vulnerability (and more general a user interface spoofing). Apple released security updates for Safari 9<https://support.apple.com/kb/HT205265> on OS X and assigned CVE-2015-5764. Accidentally this vulnerability was also present in iOS.
Instant demo
In Safari up to 8.0.8 :
* go to https://asanso.github.io/CVE-2015-5764/file0.html
* click "click me!"
* notice the address bar being "data:text/html,%3CH1%3EHi!!%3C/H1%3E"
* go back using the browser button
* click "click me!"
* notice the address bar being http://www.intothesymmetry.com/CVE-2015-5764/file0.php !!!!
You can find the details in http://intothesymmetry.blogspot.it/2015/09/apple-safari-uri-spoofing-cve-2015-5764.html
regards
antonio
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed