Apple Safari Code Execution and Information Disclosure Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to gain knowledge of sensitive information or compromise a vulnerable system.
These issues are caused by memory corruption, use-after-free and information disclosure errors related to RSS feeds, the AutoFill feature, and WebKit's handling of element focus, inline elements, dynamic modifications to text nodes, CSS counters, the :first-letter and :first-line pseudo-elements in SVG text elements, foreignObject elements in SVG documents, floating elements in SVG documents, "use" elements in SVG documents, JavaScript string objects, just-in-time compiled JavaScript stubs, JavaScript arrays, regular expressions, and "font-face" and "use" elements in SVG documents. They could be exploited to cause files from the user's system to be sent to a remote server, to disclose information to websites without user interaction, or to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Apple Safari versions prior to 5.0.1
- Apple Safari versions prior to 4.1.1
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Apple Safari version 5.0.1 and 4.1.1:
http://www.apple.com/safari/download/
Vulnerability Identifier
- CVE-2010-1778
- CVE-2010-1780
- CVE-2010-1782
- CVE-2010-1783
- CVE-2010-1784
- CVE-2010-1785
- CVE-2010-1786
- CVE-2010-1787
- CVE-2010-1788
- CVE-2010-1789
- CVE-2010-1790
- CVE-2010-1791
- CVE-2010-1792
- CVE-2010-1793
- CVE-2010-1796