Cross-origin bypass vulnerability in Apple Safari due to a permissions issue - CVE-2017-7090| ID: oval:org.secpod.oval:def:42203 | Date: (C)2017-09-27 (M)2024-01-29 |
| Class: VULNERABILITY | Family: macos |
The host is installed with Apple Safari before 11 and is prone to a cross-origin bypass vulnerability. A flaw is present in the application, which fails to properly handle cookies for custom URL schemes. Successful exploitation may lead to cookies belonging to one origin may be sent to another origin.
| Platform: |
| Apple Mac OS X 10.10 |
| Apple Mac OS X 10.11 |
| Apple Mac OS X 10.12 |
| Apple Mac OS X 10.13 |
| Apple Mac OS X Server 10.10 |
| Apple Mac OS X Server 10.11 |
| Apple Mac OS X Server 10.12 |
| Apple Mac OS X Server 10.13 |
