Apple Safari XSS Vulnerability (CVE-2015-3660)
Apple Safari XSS Vulnerability (CVE-2015-3660)
Release date:
Updated on:
Affected Systems:
Apple Safari <8.0.7
Apple Safari <7.1.7
Apple Safari <6.2.7
Description:
CVE (CAN) ID: CVE-2015-3660
Safari is the browser in Mac OS X, the latest operating system of Apple Computer. It uses KDE's KHTML as the core of browser computing.
In versions earlier than Apple Safari 6.2.7, earlier than 7.1.7, and earlier than 8.0.7, the PDF function in WebKit has the cross-site scripting vulnerability. Remote attackers can construct URLs in Embedded PDF content, attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Apple
Link: https://support.apple.com/zh-cn/HT204950
Http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html
*>
Suggestion:
Vendor patch:
Apple
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.apple.com/support/downloads/
This article permanently updates the link address: