>> Apple Safari 9.1.1 Local XXE Injection

USER: deepcore // DATE: 2016-07-06 02:02 // MODIFIED: 2016-07-06

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.