Information disclosure vulnerability in iBooks via XML External Entity (Mac OS X) - APPLE-SA-2016-03-31-1ID: oval:org.secpod.oval:def:48179 | Date: (C)2018-10-24 (M)2022-10-10 |
Class: PATCH | Family: macos |
The host is missing a security update according to apple advisory, APPLE-SA-2016-03-31-1. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle the issue in XML External Entity (XXE). Successful exploitation allows remote attackers to read arbitrary files via an iBooks Author file.
Platform: |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.14 |