SB2016070804 - XML SVG image external entity processing flaw in Apple Safari




Published: July 8, 2016 Updated: July 12, 2020

Security Bulletin ID: SB2016070804
Severity: High
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) XML SVG image external entity processing flaw (CVE-ID: N/A)

The vulnerability allows a remote attacker to conduct XML external entity (XXE) attacks and, in certain cases, obtain files from the target system. The vulnerability exists in the processing of external entities in SVG images. A remote unauthenticated attacker can create a specially crafted SVG image that reads files on the target user's system when the target user loads it. Successful exploitation of this vulnerability may result in disclosure of system information,

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
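
Added example (not from this bulletin or from the vendor): for a service that accepts or relays untrusted SVG files, the code below reports external DTD and entity declarations without fetching or expanding them, using Python's standard expat binding. The function name `external_entity_findings` and the sample inputs are constructed for illustration; the bulletin does not describe the exact trigger, so treating every external declaration as a finding is an assumption.

```python
import xml.parsers.expat


def external_entity_findings(svg_bytes):
    """Return (kind, name, identifier) tuples for DTD constructs in an SVG
    that point outside the document. Nothing is fetched or expanded:
    expat skips external entities when no resolver handler is installed."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE svg SYSTEM "..."> or PUBLIC "..." "..." names an external DTD.
        if system_id or public_id:
            findings.append(("external-dtd", name, system_id or public_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # An internal entity carries a value; an external one carries identifiers.
        if system_id or public_id:
            kind = "external-parameter-entity" if is_param else "external-entity"
            findings.append((kind, name, system_id or public_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(svg_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        # A file that is not well-formed XML is reported, not silently passed.
        findings.append(("malformed", "", str(exc)))
    return findings


# Constructed sample inputs; the SYSTEM identifier is a placeholder path.
SVG_WITH_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ENTITY ext SYSTEM "file:///placeholder/path">
]>
<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>"""
SVG_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SVG_BROKEN = b"<svg><text></svg>"

if __name__ == "__main__":
    for label, data in (("entity", SVG_WITH_ENTITY), ("clean", SVG_CLEAN),
                        ("broken", SVG_BROKEN)):
        print(label, external_entity_findings(data))
```

A caller can reject or quarantine any file for which the returned list is non-empty; the standard SVG 1.1 DOCTYPE is also reported as `external-dtd`, so a deployment that must accept it needs an explicit allowlist for that identifier.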