CVE-2015-3751 - Midland Passbooks

Description

WebKit in Apple Safari before 6.2.8 7.x before 7.1.8 and 8.x before 8.0.8 as used in iOS before 8.4.1 and other products allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.

Reference

https://support.apple.com/kb/HT205033 https://support.apple.com/kb/HT205030 http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://www.securityfocus.com/bid/76341 http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://www.securitytracker.com/id/1033274