Bugtraq mailing list archives

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

From: VSR Advisories <advisories () vsecurity com>
Date: Thu, 18 Sep 2014 01:07:23 -0400

hope that it will help promote public safety.  This advisory comes with
absolutely NO WARRANTY; not even the implied warranty of merchantability or
fitness for a particular purpose.  Neither Virtual Security Research, LLC nor
the author accepts any liability for any direct, indirect, or consequential
loss or damage arising from use of, or reliance on, this information.

See the VSR disclosure policy for more information on our responsible
disclosure practices:
  http://www.vsecurity.com/company/disclosure

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     Copyright 2014 Virtual Security Research, LLC.  All rights reserved.

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Current thread:

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw VSR Advisories (Sep 19)
- <Possible follow-ups>
- Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw VSR Advisories (Sep 19)