
Apple Safari Code Execution and Security Bypass Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 13 Aug 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.

1. A heap overflow error in CoreGraphics in the drawing of long text strings, which could be exploited to crash an affected browser or execute arbitrary code.

2. A buffer overflow error in ImageIO when handling EXIF metadata, which could be exploited to crash an affected browser or execute arbitrary code.

3. An error in the Top Sites feature, which could allow a malicious web site to promote arbitrary sites into the Top Sites view through automated actions.

4. A buffer overflow in WebKit when parsing floating point numbers, which could be exploited to crash an affected browser or execute arbitrary code.

5. An error in WebKit when handling the pluginspage attribute of the "embed" element, which could allow a remote attacker to launch file URLs in Safari and lead to the disclosure of sensitive information.

6. An error within International Domain Name (IDN) support and Unicode fonts, which could allow a remote attacker to direct the user to a spoofed site that visually appears to be a legitimate domain.


System / Technologies affected

  • Apple Safari versions prior to 4.0.3

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Upgrade to Apple Safari version 4.0.3:
http://support.apple.com/downloads/Safari_4


Vulnerability Identifier


Source


Related Link