CVE-2014-1297 Information

Description

WebKit as used in Apple Safari before 6.1.3 and 7.x before 7.0.3 does not properly validate WebProcess IPC messages which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html