2 matches found
CVE-2017-2426
Summary of CVE-2017-2426 : A local-file disclosure vulnerability in macOS prior to 10.12.4, affecting the iBooks component. An attacker could use a crafted iBooks file containing a file:// URL to reveal sensitive information from the user’s local filesystem. The issue is tied to how iBooks handle...
macOS iBooks Parsing a maliciously crafted iBooks file lead to local file disclosure(CVE-2017-2426)
On a previous post about ePub parsers This book reads you - exploiting services and readers that support the ePub book format, I mentioned using scripting capabilities in ePub to perform local attacks against users. Apple just released a fix for one issue I reported last year in iBooks that allow...