Apple Safari for OS X URI spoofing

2015.10.05

Credit: antonio

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2015-5764

CWE: N/A

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Apple Safari for OS X was prone to URI spoofing vulnerability (and more general a user interface spoofing).
Apple released security updates for Safari 9<https://support.apple.com/kb/HT205265> on OS X and assigned CVE-2015-5764.
Accidentally this vulnerability was also present in iOS.
Instant demo
In Safari up to 8.0.8 :
* go to https://asanso.github.io/CVE-2015-5764/file0.html
* click "click me!"
* notice the address bar being "data:text/html,%3CH1%3EHi!!%3C/H1%3E"
* go back using the browser button
* click "click me!"
* notice the address bar being http://www.intothesymmetry.com/CVE-2015-5764/file0.php !!!!
You can find the details in http://intothesymmetry.blogspot.it/2015/09/apple-safari-uri-spoofing-cve-2015-5764.html
regards
antonio

References:

http://intothesymmetry.blogspot.it/2015/09/apple-safari-uri-spoofing-cve-2015-5764.html

https://support.apple.com/kb/HT205265

https://asanso.github.io/CVE-2015-5764/file0.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apple Safari for OS X URI spoofing

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.