Vulnerabilities > CVE-2014-4363 - Credentials Management vulnerability in Apple Iphone OS and Safari
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 10 | |
Application | Apple
| 18 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SAFARI7_1.NASL |
description | The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2 or 7.1. It is, therefore, affected by the following vulnerabilities : - An error exists related to saved passwords and the incorrect automatic filling of HTML forms. A remote attacker can exploit this to obtain sensitive information. (CVE-2014-4363) - Multiple memory corruption errors exist related to the included version of WebKit that can allow application crashes or arbitrary code execution. (CVE-2013-6663, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415) - An error exists related to HTML5 application cache data handling and the included version of WebKit that allows the disclosure of sensitive information from private browsing sessions. (CVE-2014-4409) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77747 |
published | 2014-09-18 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/77747 |
title | Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities |
code |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
- http://secunia.com/advisories/61306
- http://support.apple.com/kb/HT6440
- http://support.apple.com/kb/HT6441
- http://www.securityfocus.com/bid/69882
- http://www.securityfocus.com/bid/69909
- http://www.securitytracker.com/id/1030866
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96075