Title: Apple Safari feed: URL Handling Arbitrary File Access
Info
Dates
Disclosure: Jul 25, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Jul 25, 2012
Description
Apple Safari contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program fails to properly handle the feed: URL feature, which will allow a context-dependent attacker to upload arbitrary files from the target's computer to a server of their choice.
Classification
Location: Context Dependent
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related
Solution
Upgrade to version 6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.