Skip to main content

Apple Safari Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 15 Mar 2010 5337 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to disclose sensitive information, bypass security restrictions or compromise an affected system.

1. An integer overflow error exists in ColorSync when processing certain images with an embedded color profile, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

2. Various memory corruptions exist in ImageIO when processing malformed TIFF or BMP images, which could be exploited by attackers to execute arbitrary code via a specially crafted web page.

3. An implementation error exists in PubSub when handling cookies set by RSS and Atom feeds, which may result in a cookie being set, even if Safari is configured to block cookies via the "Accept Cookies" preference.

4. An unspecified error exists when handling external URL schemes, which may cause a local file to be opened in response to a URL encountered on a web page.

5. Various memory corruptions, use-after-free errors and implementation issues exist in WebKit when processing certain HTML, CSS or XML data, which could be exploited to execute arbitrary code or disclose the content of protected resources on third-party websites.


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apple Safari versions prior to 4.0.5

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Apple Safari version 4.0.5 :
http://www.apple.com/safari/download/


Vulnerability Identifier


Source