This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.

A logic issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.

A cross-origin issue in the IndexDB API was addressed with improved input validation.
Processing maliciously crafted web content may lead to arbitrary code execution. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. Visiting a malicious website may lead to address bar spoofing.

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.5, Safari 15.4. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click a link to the server, despite the real server requiring HTTPS.

A user interface issue was addressed. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. It uses Keycloak for identity management services. Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari. An attacker could then access this information via JavaScript. A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically.