Apple Safari WebKit PDF Vulnerability (CVE-2015-3660)
Apple Safari WebKit PDF Vulnerability (CVE-2015-3660)
Release date:
Updated on:
Affected Systems:
Apple Safari <8.0.7
Apple Safari <7.1.7
Apple Safari <6.2.7
Description:
Bugtraq id: 75494
CVE (CAN) ID: CVE-2015-3660
Safari is the browser in Mac OS X, the latest operating system of Apple Computer. It uses KDE's KHTML as the core of browser computing.
For versions earlier than Apple Safari 6.2.7 and earlier than 7.1.7. version x and version 8 earlier than 8.0.7. in Version x, the WebKit PDF feature has the cross-site scripting vulnerability. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML by constructing URLs in Embedded PDF content.
<* Source: Apple
*>
Suggestion:
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.apple.com/support/downloads/
Http://support.apple.com/kb/HT204950
Http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html
This article permanently updates the link address: