OSVDB ID: 84209

Title: WebKit File URL Handling Sandbox Bypass Arbitrary File Access Weakness

Info

Disclosure

Jul 25, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 25, 2012

Description

WebKit contains a flaw related to the handling of 'file://' URLs. This may allow a context-dependent attacker to bypass sandbox restrictions and gain access to potentially sensitive files.

Classification

Location: Context Dependent
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Third-Party Solution
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Vuln Dependent, Web Related

Solution

OSVDB is not currently aware of a solution for this vulnerability. Upgrade to Apple Safari version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Inc.

Safari

5.1.7

References

Security Tracker: 1027307
CVE ID: 2012-3697 (see also: NVD)
Secunia Advisory ID: 50058
Related OSVDB ID: 84200 84201 84203 84204 84205 84206 84207 84208 84210 84211 84213 84214
Vendor Specific Advisory URL: http://support.apple.com/kb/HT5400

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84209