exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

iDefense Security Advisory 07.20.11 - Safari Memory Corruption

iDefense Security Advisory 07.20.11 - Safari Memory Corruption
Posted Jul 21, 2011
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple's Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag. Specifically, the tag enclosing the tag being processed is freed and is then referenced after it has already been freed. This can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.

tags | advisory, remote, web, arbitrary
systems | apple
advisories | CVE-2011-0234
SHA-256 | 451fa0ffe2995cf2fabae89ed282d4b2fbe5371f34e100141b87a568287fd5e3

iDefense Security Advisory 07.20.11 - Safari Memory Corruption

Change Mirror Download
iDefense Security Advisory 07.20.11
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 20, 2011

I. BACKGROUND

Safari is Apple's web browser, and is based on the open source WebKit
browser engine. MobileSafari is Safari for Apple's mobile devices
including the iPad and iPhone. For more information, see the vendor's
site found at the following link.

http://www.apple.com/safari/

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in Apple Inc.'s
Safari browser could allow an attacker to execute arbitrary code with
the privileges of the current user.

Safari is Apple's Web browser and is based on the open source WebKit
browser engine.

This vulnerability occurs when Safari incorrectly handles an error state
when encountering a broken XHTML tag. Specifically, the tag enclosing
the tag being processed is freed and is then referenced after it has
already been freed. This can lead to the execution of arbitrary code.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the user viewing the Web page. To exploit
this vulnerability, a targeted user must load a malicious Web page
created by an attacker. An attacker typically accomplishes this via
social engineering or injecting content into compromised, trusted sites.
After the user visits the malicious Web page, no further user
interaction is needed.

IV. DETECTION

Safari versions prior to 5.1 and 5.0.6 are vulnerable.

V. WORKAROUND

Disabling JavaScript is an effective workaround for this vulnerability.

VI. VENDOR RESPONSE

Apple Inc. has released patches which addresses this issue. For more
information, consult their advisory at the following URL:

http://support.apple.com/kb/HT4808

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2011-0234 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

06/01/2011 Initial Vendor Notification
06/01/2011 Initial Vendor Reply
07/20/2011 Coordinated Public Disclosure

IX. CREDIT

This vulnerability was reported to iDefense by wushi of team509.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2011 Verisign

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close