Versions of Safari prior to 6.2.7 / 7.1.7 / 8.0.7 are reportedly affected by the following vulnerabilities :
- A flaw exists in WebKit Page Loading due to the Origin request header being preserved for cross-origin redirects. A remote attacker can exploit this, via a specially crafted web page, to circumvent cross-site request forgery (XSRF) protections. (CVE-2015-3658)
- A flaw exists in the WebKit Storage’s SQLite authorizer due to insufficient comparison. A remote attacker can exploit this, via a specially crafted web page, to invoke arbitrary SQL functions, resulting in a denial of service condition or executing arbitrary code. (CVE-2015-3659)
- An information disclosure vulnerability exists in WebKit PDF due to improper restrictions, related to JavaScript execution, of links embedded in PDF files. A remote attacker can exploit this, via a specially crafted PDF file, to disclose sensitive information from the file system, including cookies. (CVE-2015-3660)
- An information disclosure vulnerability exists in WebKit due to improper restrictions on renaming WebSQL tables. A remote attacker can exploit this, via a specially crafted website, to access WebSQL databases belonging to other websites. (CVE-2015-3727)