Safari 4 Multiple Vulnerabilities

Report ID: SA201006424
Source: F-Secure
Date of Discovery: 12.03.2010
Criticality: Undefined
Affects:
Safari 4.0.4 and earlier versions

Compromise From: From remote
Compromise Type: DoS
Exposure of sensitive information
Remote code execution

Summary

Multiple vulnerabilities in Apple Safari could lead to application crash or arbitrary code execution when a user visits a maliciously crafted website.

Detailed Description

Apple has reported multiple vulnerabilities in its web browser, Safari version 4.0.4 or prior, that could cause the application to crash or allow an attacker to execute arbitrary code.

 

ColorSync

  • An integer overflow when handling images with an embedded color profile may lead to unexpected application crash or arbitrary code execution.
 

ImageIO

  • A buffer overflow when handling TIFF images may lead to application crash or arbitrary code execution.
  • An uninitialized memory access when handling BMP or TIFF images may enable a specially crafted website to obtain data from Safari's memory.
  • A memory corruption issue in the handling of TIFF images may lead to application crash or arbitrary code execution.
 

PubSub

  • An implementation issue during the handling of cookies set by RSS and Atom feeds may result in a cookie being set despite Safari's configuration to block cookies.
 

Safari

  • A flaw in the handling of external URL schemes may cause a local file to be opened in response to a URL encountered on a web page. Visiting a maliciously crafted website may lead to arbitrary code execution.
 

WebKit

  • A memory corruption issue in the handling of CSS format() arguments may lead to application crash or arbitrary code execution.
  • A use-after-free issue in the handling of HTML object element fallback content may lead to application crash or arbitrary code execution.
  • A use-after-free issue when parsing XML documents may lead to application crash or arbitrary code execution.
  • A use-after-free issue in the handling of HTML elements containing right-to-left displayed text may lead to application crash or arbitrary code execution.
  • A use-after-free issue in the handling of incorrectly nested HTML tags may lead to application crash or arbitrary code execution.
  • A use-after-free issue in the handling of cross-origin stylesheet requests may disclose the content of protected resources on another website.
  • A use-after-free issue in the handling of callbacks for HTML elements may lead to application crash or arbitrary code execution.
  • A use-after-free issue in the rendering of content with a CSS display property set to 'run-in' may lead to application crash or arbitrary code execution.
  • A use-after-free issue in the handling of HTML image elements may lead to application crash or arbitrary code execution.
 

Solution

Update to Safari 4.0.5 or later versions

Original Reference

About the security content of Safari 4.0.5 (http://support.apple.com/kb/HT4070)

CVE Reference

CVE-2009-2285
CVE-2010-0040
CVE-2010-0041
CVE-2010-0042
CVE-2010-0043
CVE-2010-0044
CVE-2010-0045
CVE-2010-0046
CVE-2010-0047
CVE-2010-0048
CVE-2010-0049
CVE-2010-0050
CVE-2010-0051
CVE-2010-0052
CVE-2010-0053
CVE-2010-0054