what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Safari 3.2.3 Information Disclosure

Safari 3.2.3 Information Disclosure
Posted Jun 24, 2009
Authored by Alexios Fakos | Site nruns.com

Safari fails to sanitize the file protocol handler thus leading to an information disclosure, e.g. local file theft. Dynamically creating a certain HTML tag and using a valid file path to an executable may lead to a denial of service condition. Apple's Safari browser version 3.2.3 is vulnerable.

tags | advisory, denial of service, local, protocol, info disclosure
systems | apple
SHA-256 | cacf872f1106fc6da55a3d56af72a3d3d6d797892f96aa06e4ee001b4fa30ae6

Safari 3.2.3 Information Disclosure

Change Mirror Download
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.005 23-Jun-2009

Vendor: Apple Inc., http://www.apple.com
Affected Products: Safari Browser 3.2.3 all platforms
Vulnerability: Information disclosure to Denial of Service

Vendor communication:

2009/06/07 Bug found
2009/06/08 Preparing PoC's and problem description for three bug
classes (n.runs-SA-2009.004 - n.runs-SA-2009.006);
writing initial email
2009/06/08 Apple releases Safari 4.0 [1]
2009/06/09 Sending initial email in midnight hour (UTC/GMT +2 hours)
2009/06/09 Bot reply mail delivered; received Follow-Up ID
2009/06/09 Due to a press release n.runs is now aware of new release;
testing three PoC's; two of them seems to be fixed
2009/06/10 Apple replies and outlining "to take any report of a
potential security issue very seriously." Asking for PoC's
2009/06/10 Sending all PoC's with further description and outlining
at the time of writing the initial email, n.runs was aware
of new Safari release. Two PoC's (n.runs-SA-2009.005 and
n.runs-SA-2009.006) are not working with new Safari
release but asking to have a closer look into it.
2009/06/11 Apple response two PoC's are not working on the latest
release, so Apple don't see the need for any further
action. With regards to n.runs-SA-2009.004, Apple
acknowledge the issue still affects Safari 4 and is
looking to fix it.
2009/06/15 n.runs informs Apple to release this advisory
due to time difference
2009/06/23 n.runs releases this advisory



Quoting http://www.apple.com/safari/:
"What is Safari ?
It's a browser. It's a platform. It's an open invitation to innovate.
Whether on a Mac, PC, iPhone, or iPod touch, Safari continuously
redefines the browser, providing the most enjoyable way to experience
the Internet."


Passing the file protocol handler to a certain HTML allows to read local
On Windows it is possible to create an instance of Windows Explorer by
calling an executable file. Other operating systems were not tested.

In detail, the following flaw was determined:

- Safari fails to sanitaze the file protocol handler thus leading to an
information disclosure, e.g. local file theft.
Creating dynamically a certain HTML tag and using a valid file path to
an executable may lead to a Denial of Service condition.


An attacker could trigger the vulnerability by constructing a specially
prepared html file. When a user views this file, local content can be
send to a third party. Additionaly, various ghost instances of Window
Explorer may harm the stability of the users system.


Apple has issued an update to correct this vulnerability.
For detailed information about the fixes follow the link in
References [1] section of this document.


Bugs found by Alexios Fakos of n.runs AG.

[1] http://support.apple.com/kb/HT3613

This Advisory and Upcoming Advisories:

Unaltered electronic reproduction of this advisory is permitted. For
all other reproduction or publication, in printing or otherwise,
contact security@nruns.com for permission. Use of the advisory
constitutes acceptance for use in an "as is" condition. All warranties
are excluded. In no event shall n.runs be liable for any damages
whatsoever including direct, indirect, incidental, consequential loss
of business profits or special damages, even if n.runs has been advised
of the possibility of such damages.

Copyright 2009 n.runs AG. All rights reserved. Terms of use apply.
Login or Register to add favorites

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By