Apple Safari 9.1.1 Local XXE Injection

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.

Continue reading...