Apple Safari Multiple Vulnerabilities
Last Update Date:
3 Apr 2014 09:11
Release Date:
3 Apr 2014
4050
Views
RISK: High Risk
TYPE: Clients - Browsers
Multiple vulnerabilities have been identified in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass sandbox controls.
- A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
- A page running code in the WebProcess may be exploit an IPC message processing flaw to bypass sandbox restrictions and read arbitrary files on the target system.
Impact
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Prior to versions 6.1.3 and 7.0.3
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (6.1.3, 7.0.3).
Vulnerability Identifier
- CVE-2013-2871
- CVE-2014-1297
- CVE-2014-1298
- CVE-2014-1299
- CVE-2014-1300
- CVE-2014-1301
- CVE-2014-1302
- CVE-2014-1303
- CVE-2014-1304
- CVE-2014-1305
- CVE-2014-1307
- CVE-2014-1308
- CVE-2014-1309
- CVE-2014-1310
- CVE-2014-1311
- CVE-2014-1312
- CVE-2014-1313
Source
Related Link
Share with