Suppose we set the URLRequest header "Foo" to the value "Bar Extra-Header: Added GET /other HTTP/1.1". For example, consider a URLRequest to with the GET method.
When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as extra headers, or even a second request. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. Apple is aware of a report that this issue may have been actively exploited.Ī program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. An application may be able to execute arbitrary code with kernel privileges. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.Īn out-of-bounds write issue was addressed with improved bounds checking. Processing maliciously crafted web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively exploited.Ī type confusion issue was addressed with improved state handling.
This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. A type confusion issue was addressed with improved checks.
0 kommentar(er)
