Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, or compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to corrupt memory when a user visits a web site embedding a specially crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to compromise a user's system.
4) An error in the processing of external entities in XML files can be exploited to read files from the user's system when a users visits a specially crafted web page.
5) An error in the handling of redirects when processing Extensible Stylesheet Language Transformations (XSLT) can be exploited to disclose XML content from other web sites.
6) An error in the XSL "document()" function can be exploited to read files from other security zones, including the user's system.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
9) An error when handling calls to the CSS "attr" function can be exploited to access an uninitialised pointer and potentially execute arbitrary code.
10) An error in the handling of "file:" URLs can be exploited to read local files and disclose potentially sensitive information.
Other vulnerabilities have also been reported of which some may also affect Safari version 3.x.
Solution: Upgrade to Safari version 4, which fixes the vulnerabilities.
Provided and/or discovered by: 1-3) Tavis Ormandy
4 - 6) Chris Evans of Google Inc.
7) Michal Zalewski of Google Inc.
8) wushi and ling of team509, reported via iDefense
9) Thierry Zoller, reported via ZDI. The vendor also credits Robert Swiecki of the Google Security Team.
10) Alexios Fakos, n.runs AG. The vendor also credits Dino Dai Zovi.
Original Advisory: Apple:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Apple Safari Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.