Vulnerabilities In Safari 9 Could leak Browsing history,Network activity, and Mouse movements of User

After the release of OS X El Capitan v10.11, iOS 9.0.2,various vulnerabilities uncovered in iOS and safari browser.A post indicated that,total 100 vulnerability address in OS X El Capitan v10.11 ,including denial-of-service, AirScan, Finder, Game Center, Kernel, Mail, Notes, OpenSSH, OpenSSL, SQLite, Time Machine and many more.These vulnerability allow attacker to enable remote and local code execution.
According to a second post, iOS 9.0.2 addresses a  flaw, CVE-2015-5923, could enable a person with physical access to the device to access photos and contacts from the lock screen – all without needing the passcode.
Exploiting the bug – which was demonstrated in a YouTube video  – requires entering the wrong passcode a number of times, asking Siri for the time, and leveraging her response to navigate to the photos and contacts.
With the latest release of Safari 9, also addressed about 45 bug in browser. Some of them are memory corruption issues in WebKit, where visiting a maliciously crafted website could lead to unexpected application termination or random code execution.
According to third post,Vulnerability in safari WebKit's Performance API “could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time.

Post a Comment