Information disclosure vulnerability in iBooks via XML External Entity (Mac OS X)ID: oval:org.secpod.oval:def:48178 | Date: (C)2018-10-24 (M)2022-10-10 |
Class: VULNERABILITY | Family: macos |
The host is installed with iBooks before 2.4.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle the issue in XML External Entity (XXE). Successful exploitation allows remote attackers to read arbitrary files via an iBooks Author file.
Platform: |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.14 |