Posted by Jouko Pynnonen on Apr 13

*Overview*
The 4/8/2015 security updates from Apple included a patch for a Safari
cross-domain vulnerability. An attacker could create web content which,
when viewed by a target user, bypasses some of the normal cross-domain
restrictions to access or modify HTTP cookies belonging to any website.

Most websites which allow user logins store their authentication
information (usually session keys) in cookies. Access to these cookies
would allow…