CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
References
Link | Resource |
---|---|
http://support.apple.com/kb/HT6150 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-02-26 17:55
Updated : 2014-02-27 05:55
NVD link : CVE-2014-1257
Mitre link : CVE-2014-1257
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
apple
- mac_os_x