CVE-2015-1155
23Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 11%
from disclosure to weapon0 days
Published on NVDMay 8
metasploitJan 16
exploitation probability
11%top 5% of all CVEs
observed exploitation
nono source reports it
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
Affected products
n/a · n/aReferences
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/May/msg00000.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00132.htmlhttps://support.apple.com/HT204826http://support.apple.com/kb/HT204941http://www.securityfocus.com/bid/74527http://www.securitytracker.com/id/1032270http://www.ubuntu.com/usn/USN-2937-1