Apple Mac OS X Notes Cross Site Scripting Vulnerabilities

XLAB ID: XLAB-15-002     

CVE ID: CVE-2015-5875     

Patch Status: Fixed

Vulnerability Details:
When Notes synchronous ICloud data, is not properly filtered data lead to XSS vulnerabilities.A local user may be able to leak sensitive user information.

Disclosure Timeline:

2015/3/28 Provide vulnerability detail to APPLE via
2015/3/28 APPLE automatic reply
2015/3/29 APPLE responded that they are verifying the proof of concept code
2015/9/30 APPLE advisory disclosed,CVE-2015-5875

This vulnerability was discovered by:    xisigr