Secunia Security Advisory - Some vulnerabilities and a weakness have been reported in Apple Safari, which can be exploited by malicious people to manipulate certain data, disclose sensitive information, conduct spoofing attacks, or compromise a user's system.
0fe5a3267d1698e920f7bfab9b9f805af78dc293283dad62f132518d892fdfdf
----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36269
VERIFY ADVISORY:
http://secunia.com/advisories/36269/
DESCRIPTION:
Some vulnerabilities and a weakness have been reported in Apple
Safari, which can be exploited by malicious people to manipulate
certain data, disclose sensitive information, conduct spoofing
attacks, or compromise a user's system.
1) An error within font glyph rendering in CoreGraphics can be
exploited to cause a heap-based buffer overflow e.g. when a user
visits a specially crafted web site.
Successful exploitation may allow execution of arbitrary code.
2) A boundary error in ImageIO when processing EXIF metadata can be
exploited to cause a buffer overflow and potentially execute
arbitrary code via a specially crafted image.
3) An error in the Top Sites feature can be exploited to place a web
site in the Top Sites view when a user visits a specially crafted web
page.
4) An error in WebKit within the parsing of floating point numbers
can be exploited to cause buffer overflows when a user visits a
specially crafted web page.
Successful exploitation may allow execution of arbitrary code.
5) An error in WebKit in the handling of the "pluginspage" attribute
of the "embed" element can be exploited to reference file URLs. This
can be exploited to disclose sensitive information when a user clicks
on "Go" in the dialog for unknown plug-in types.
6) An error in the handling of IDN (International Domain Name)
support can be exploited to spoof a URL via e.g. a domain containing
certain international characters that resemble other commonly used
characters.
SOLUTION:
Update to version 4.0.3.
PROVIDED AND/OR DISCOVERED BY:
3) Inferno of SecureThoughts.com
The vendor credits:
1) Will Drewry, Google Inc
5) Alexios Fakos, n.runs AG
6) Chris Weber, Casaba Security, LLC
CHANGELOG:
2009-08-12: Added link to "Original Advisory" section.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3733
securethoughts.com:
http://securethoughts.com/2009/08/hijacking-safari-4-top-sites-with-phish-bombs/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------