Same Origin Policy Bypass in WebKit and Safari

Same Origin Policy Bypass in WebKit and Safari

CVE-2016-1785 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Learn more about our Cis Benchmark Audit For Apple Ios.