Apple Safari Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.
1. Due to an error in CFNetwork when identifying the file type of certain local image files could be exploited by attackers to execute malicious JavaScript in the local context by tricking a user into downloading and opening a malicious image.
2. Due to CFNetwork creating temporary files insecurely when downloading files, which could allow malicious users to access another user's files as they are downloaded.
3. Due to memory corruption and integer overflow errors in CoreGraphics when processing malformed data, TrueType fonts, or PDF files, which could be exploited to crash an affected browser or execute arbitrary code.
4. Due to an uninitialized pointer in ImageIO when handling PNG images, which could be exploited to execute arbitrary code.
5. Due to implementation error in ICU when handling certain character encodings, which could be exploited to bypass cross-site scripting filters.
6. Due to errors in libxml
7. Due to an error when handling Extended Validation (EV) certificates, which could be exploited to bypass the revocation checking warning.
8. Due to an implementation error in the Private Browsing feature, which may cause cookies to remain on disk after Private Browsing ends, potentially leading to the disclosure of sensitive information.
9. Due to the "Reset" button for "Reset saved names and passwords" in the "Reset Safari..." menu option taking up to 30 seconds to clear the passwords, which could allow a user with access to the system in that time window to access the stored credentials.
10. Due to an error in the open-help-anchor URL handler, which may allow a maliciously crafted website to open local help files, leading to the disclosure of sensitive information or arbitrary code execution.
11. Due to the Safari Windows Installer causing Safari to run with elevated privileges for its initial launch.
12. Due to input validation, design, type conversion, memory corruption, uninitialized pointer, use-after-free, uninitialized memory access errors in WebKit, which could be exploited to gain knowledge of sensitive information, read arbitrary files, bypass security restrictions and the same-origin policy, spoof browser UI elements, conduct cross site scripting and forgery attacks, or compromise a vulnerable system.
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apple Safari versions prior to 4.0
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to Apple Safari version 4.0 :
http://support.apple.com/kb/HT3613
Vulnerability Identifier
- CVE-2006-2783
- CVE-2008-1588
- CVE-2008-2320
- CVE-2008-2321
- CVE-2008-3281
- CVE-2008-3529
- CVE-2008-3632
- CVE-2008-4225
- CVE-2008-4226
- CVE-2008-4231
- CVE-2008-4409
- CVE-2009-0040
- CVE-2009-0145
- CVE-2009-0153
- CVE-2009-0946
- CVE-2009-1179
- CVE-2009-1681
- CVE-2009-1682
- CVE-2009-1684
- CVE-2009-1685
- CVE-2009-1686
- CVE-2009-1687
- CVE-2009-1688
- CVE-2009-1689
- CVE-2009-1690
- CVE-2009-1691
- CVE-2009-1693
- CVE-2009-1694
- CVE-2009-1695
- CVE-2009-1696
- CVE-2009-1697
- CVE-2009-1698
- CVE-2009-1699
- CVE-2009-1700
- CVE-2009-1701
- CVE-2009-1702
- CVE-2009-1703
- CVE-2009-1704
- CVE-2009-1705
- CVE-2009-1706
- CVE-2009-1707
- CVE-2009-1708
- CVE-2009-1709
- CVE-2009-1710
- CVE-2009-1711
- CVE-2009-1712
- CVE-2009-1713
- CVE-2009-1714
- CVE-2009-1715
- CVE-2009-1716
- CVE-2009-1718
Source
Related Link
Share with