Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Apple Safari for Mac OS X Multiple Vulnerabilities

-

Release Date:  2012-09-20    Last Update:  2012-10-23    Views:  3,241

Secunia Advisory SA50577

Where:

From remote

Impact:

Security Bypass, Exposure of sensitive information, System access

Solution Status:

Vendor Patch

Software:

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in Safari, which can be exploited by malicious people to bypass certain security restrictions, gain knowledge of sensitive information, or compromise a user's system.

1) A logic error in the handling of the Quarantine attribute when opening HTML documents in safe mode can be exploited to cause the document to not be opened in safe mode and disclose the contents of arbitrary files.

2) An error in the handling of Form Autofill may lead to Address Book "Me" card details being disclosed when using Form Autofill on a specially crafted web page.

3) A logic error when handling HTTPS URLs in the address bar may cause a request to be unexpectedly sent over HTTP if part of the request in the address bar was edited by pasting text.

4) A use-after-free error in the Webkit Cascading Style Sheets (CSS) implementation when handling the :first-letter pseudo-element can be exploited to dereference already freed memory.

5) A use-after-free error in Webkit when handling tables with sections can be exploited to dereference already freed memory.

6) A use-after-free error in Webkit when handling the layout of documents using the Cascading Style Sheets (CSS) counters feature can be exploited to dereference already freed memory.

7) A use-after-free error in the Webkit Cascading Style Sheets (CSS) implementation when handling the :first-letter pseudo-element can be exploited to dereference already freed memory.

8) A use-after-free error in Webkit when handling SVG references can be exploited to dereference already freed memory.

9) A use-after-free error in Webkit when handling counters can be exploited to dereference already freed memory.

10) A use-after-free error in Webkit when handling layout height tracking can be exploited to dereference already freed memory.

11) An unspecified error in Webkit can be exploited to corrupt memory.

12) An unspecified error in Webkit can be exploited to corrupt memory.

13) An unspecified error in Webkit can be exploited to corrupt memory.

14) An unspecified error in Webkit can be exploited to corrupt memory.

15) An unspecified error in Webkit can be exploited to corrupt memory.

16) An unspecified error in Webkit can be exploited to corrupt memory.

17) An unspecified error in Webkit can be exploited to corrupt memory.

18) An unspecified error in Webkit can be exploited to corrupt memory.

19) An unspecified error in Webkit can be exploited to corrupt memory.

20) An unspecified error in Webkit can be exploited to corrupt memory.

21) An unspecified error in Webkit can be exploited to corrupt memory.

22) An unspecified error in Webkit can be exploited to corrupt memory.

23) An unspecified error in Webkit can be exploited to corrupt memory.

24) An unspecified error in Webkit can be exploited to corrupt memory.

25) An unspecified error in Webkit can be exploited to corrupt memory.

26) An unspecified error in Webkit can be exploited to corrupt memory.

27) An unspecified error in Webkit can be exploited to corrupt memory.

28) An unspecified error in Webkit can be exploited to corrupt memory.

29) An unspecified error in Webkit can be exploited to corrupt memory.

30) An unspecified error in Webkit can be exploited to corrupt memory.

31) An unspecified error in Webkit can be exploited to corrupt memory.

32) An unspecified error in Webkit can be exploited to corrupt memory.

33) An unspecified error in Webkit can be exploited to corrupt memory.

34) An unspecified error in Webkit can be exploited to corrupt memory.

35) An unspecified error in Webkit can be exploited to corrupt memory.

36) An unspecified error in Webkit can be exploited to corrupt memory.

37) An unspecified error in Webkit can be exploited to corrupt memory.

38) An unspecified error in Webkit can be exploited to corrupt memory.

39) An unspecified error in Webkit can be exploited to corrupt memory.

40) An unspecified error in Webkit can be exploited to corrupt memory.

41) An unspecified error in Webkit can be exploited to corrupt memory.

42) An unspecified error in Webkit can be exploited to corrupt memory.

43) An unspecified error in Webkit can be exploited to corrupt memory.

44) An unspecified error in Webkit can be exploited to corrupt memory.

45) An unspecified error in Webkit can be exploited to corrupt memory.

46) An unspecified error in Webkit can be exploited to corrupt memory.

47) An unspecified error in Webkit can be exploited to corrupt memory.

48) An unspecified error in Webkit can be exploited to corrupt memory.

49) An unspecified error in Webkit can be exploited to corrupt memory.

50) An unspecified error in Webkit can be exploited to corrupt memory.

51) An unspecified error in Webkit can be exploited to corrupt memory.

52) An unspecified error in Webkit can be exploited to corrupt memory.

53) An unspecified error in Webkit can be exploited to corrupt memory.

54) An unspecified error in Webkit can be exploited to corrupt memory.

55) An unspecified error in Webkit can be exploited to corrupt memory.

56) An unspecified error in Webkit can be exploited to corrupt memory.

57) An unspecified error in Webkit can be exploited to corrupt memory.

58) An unspecified error in Webkit can be exploited to corrupt memory.

59) An unspecified error in Webkit can be exploited to corrupt memory.

60) An unspecified error in Webkit can be exploited to corrupt memory.

61) An unspecified error in Webkit can be exploited to corrupt memory.


Solution:
Update to version 6.0.1.

Provided and/or discovered by:
The vendor credits:
1) Aaron Sigel, vtty.com and Masahiro Yamada
2) Jonathan Hogervorst, Buzzera
3) Aaron Rhoads, East Watch Services LLC and Pepi Zawodsky
4-10, 13) miaubiz
11, 20, 34, 42, 44, 47, 49, 52, 55, 57, 58) Apple Product Security
12) Martin Barbella, Google Chrome Security Team
14, 15, 17, 19, 22, 25, 28, 33, 36, 38-40, 46, 48, 50, 51, 54, 56, 61) Abhishek Arya (Inferno), Google Chrome Security Team
16, 21, 23, 24, 26, 27, 32, 47, 53, 60) Skylined, Google Chrome Security Team
18) Yong Li, Research In Motion
29) Dominic Cooney, Google and Martin Barbella, Google Chrome Security Team
30) Abhishek Arya and Martin Barbella, Google Chrome Security Team
31) Martin Barbella, Google Chrome Security Team
35) Mario Gomes, netfuzzer.blogspot.com and Abhishek Arya (Inferno), Google Chrome Security Team
37) Skylined and Martin Barbella, Google Chrome Security Team
41) Julien Chaffraix, Chromium development community
43, 45) kuzzcc
59) James Robinson of Google

Original Advisory:
Apple:
http://support.apple.com/kb/HT5502

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Apple Safari for Mac OS X Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability