【CVE-2015-5875】Apple Mac OS X Notes Cross Site Scripting Vulnerabilities

Vulnerability Details:

When Notes synchronous ICloud data, is not properly filtered data lead to XSS vulnerabilities.A local user may be able to leak sensitive user information.

Disclosure Timeline:

2015/3/28 Provide vulnerability detail to APPLE via product-security@apple.com
2015/3/28 APPLE automatic reply
2015/3/29 APPLE responded that they are verifying the proof of concept code
2015/9/30 APPLE advisory disclosed,CVE-2015-5875

References:

https://support.apple.com/HT205267
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Credit:

This vulnerability was discovered by: xisigr

发表评论

电子邮件地址不会被公开。 必填项已用*标注