Apple Safari 6.2.0/7.1.0/8.0.0 CSS Style Sheet SVG Image input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Apple Safari 6.2.0/7.1.0/8.0.0. It has been rated as problematic. The affected element is an unknown function of the component CSS Style Sheet Handler. The manipulation as part of SVG Image leads to input validation. This vulnerability is uniquely identified as CVE-2014-4465. No exploit exists. Upgrading the affected component is advised.
Details
A vulnerability was found in Apple Safari 6.2.0/7.1.0/8.0.0 (Web Browser). It has been rated as problematic. This issue affects an unknown function of the component CSS Style Sheet Handler. The manipulation as part of a SVG Image leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is confidentiality, and integrity. The summary by CVE is:
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
The weakness was disclosed 12/03/2014 by Rennie deGraaf with iSEC Partners as HT6596 as confirmed advisory (Website). It is possible to read the advisory at support.apple.com. The identification of this vulnerability is CVE-2014-4465 since 06/20/2014. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The advisory points out:
An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs.
The vulnerability scanner Nessus provides a plugin with the ID 80055 (Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123027 (Apple Safari 6.2.1/ 7.1.1/8.0.1 Not Installed (HT6596)).
Upgrading to version 6.2.1, 7.1.1 or 8.0.1 eliminates this vulnerability. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (99111), Tenable (80055), SecurityFocus (BID 71439†) and SecurityTracker (ID 1031296†). The entries VDB-68223, VDB-68232, VDB-68328 and VDB-68329 are pretty similar. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.apple.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.5
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 80055
Nessus Name: Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 68670
OpenVAS Name: Apple Safari Webkit Multiple Vulnerabilities-01 Dec14 (Mac OS X)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Safari 6.2.1/7.1.1/8.0.1
Timeline
06/20/2014 🔍12/03/2014 🔍
12/03/2014 🔍
12/04/2014 🔍
12/04/2014 🔍
12/10/2014 🔍
12/11/2014 🔍
12/16/2014 🔍
05/02/2019 🔍
Sources
Vendor: apple.comAdvisory: HT6596
Researcher: Rennie deGraaf
Organization: iSEC Partners
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-4465 (🔍)
GCVE (CVE): GCVE-0-2014-4465
GCVE (VulDB): GCVE-100-68327
X-Force: 99111 - Apple Safari WebKit style information disclosure, Medium Risk
SecurityFocus: 71439 - Apple Safari CVE-2014-4465 Cross Domain Information Disclosure Vulnerability
SecurityTracker: 1031296
See also: 🔍
Entry
Created: 12/04/2014 15:20Updated: 05/02/2019 16:56
Changes: 12/04/2014 15:20 (84), 05/02/2019 16:56 (3)
Complete: 🔍
Cache ID: 216:318:103
No comments yet. Languages: en.
Please log in to comment.