Skip to main content

Apple Safari Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 17 Nov 2008 5480 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system. These issues are caused by buffer overflow, uninitialized memory access, memory corruption, signedness and design errors when processing malformed data.

1. A vulnerability is caused due to insecure zlib code.

2. A vulnerability is caused due to insecure libxslt code.

3. An unspecified error in CoreGraphics within the processing of handling of color spaces can be exploited to cause a heap-based buffer overflow via a specially crafted image.

Successful exploitation may allow execution of arbitrary code.

4. A vulnerability in the processing of TIFF images can potentially be exploited to execute arbitrary code.

5. A vulnerability in the processing of JPEG images can potentially be exploited to execute arbitrary code.

6. A vulnerability in the handling of images with an embedded ICC profile can be exploited to execute arbitrary code.

7. Data supplied to form fields may be exposed via the browser page cache, although the "Autocomplete" feature is disabled.

8. A signedness error in Safari when handling Javascript array indices can be exploited to execute arbitrary code.

9. A vulnerability in the handling of style sheet elements can be exploited to execute arbitrary code.

10. An error in the plugin interface in Webkit can be exploited to disclose sensitive information by launching local files.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apple Safari versions prior to 3.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link