CVE-2014-4363 Information

Description

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms which allows remote attackers to obtain sensitive information via (1) an http web site (2) an https web site with an unacceptable X.509 certificate or (3) an IFRAME element.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://secunia.com/advisories/61306 http://support.apple.com/kb/HT6440 http://support.apple.com/kb/HT6441 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69909 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96075