
  • Advisory - Multiple Vulnerabilities in Apple Safari

    Multiple Vulnerabilities in Apple Safari

    Severity Rating: High

    Systems Affected
    • Apple Mac OS X 10.7.4 and previous versions
    • Apple Mac OS X Server 10.7.4 and previous versions
    • OS X Mountain Lion v10.8.5
    • OS X Mavericks v10.9.3

    Software Affected
    • Apple Safari Versions 6.1.3 and previous versions
    • Apple Safari Versions 7.0.3 and previous versions

    Overview
    Multiple vulnerabilities have been reported in Apple Safari, which could allow remote attackers to execute arbitrary code or cause a denial of service condition.

    Description

    1. Multiple memory corruption vulnerabilities
    These vulnerabilities are caused by unspecified memory corruption errors in the WebKit component of Apple Safari.
    A remote attacker could exploit these vulnerabilities by persuading users to open a malicious link.
    Successful exploitation of these vulnerabilities could allow remote attackers to trigger a memory corruption error that could be leveraged to execute arbitrary code or could cause an unexpected termination of the affected browser, resulting in a denial of service (DoS) condition.

    2. Encoding Vulnerability

    This vulnerability is caused by improper interpretation of Unicode characters in URLs by WebKit.
    A remote attacker could exploit this vulnerability by enticing users to open a URL with crafted characters.
    Successful exploitation of this vulnerability could allow remote attackers to bypass security restrictions and send an incorrect postMessage origin.


    Solution

    Update to Apple Safari version 6.1.4 and 7.0.4
    http://support.apple.com/kb/HT6254
    http://www.apple.com/support/downloads/

    Vendor Information
    Apple
    http://support.apple.com/kb/HT6254


    References

    Apple
    http://support.apple.com/kb/HT6254
    http://support.apple.com/kb/HT1222

    SecurityFocus
    http://www.securityfocus.com/bid/67553

    Security Tracker
    http://securitytracker.com/id/1030269

    Secure List
    http://www.securelist.com/en/advisories/58890

    Secunia
    http://secunia.com/advisories/58890/
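
To act on the Solution section across a fleet, the following added example (not part of the original advisory) flags hosts whose Safari version falls in the affected ranges listed above. It assumes an inventory export of `host,version` lines, where the version is Safari's `CFBundleShortVersionString`; the host names and the treatment of branches after 7.x are assumptions.

```python
import re

# Fixed releases from the advisory's Solution section, keyed by major branch.
FIXED = {6: (6, 1, 4), 7: (7, 0, 4)}
VERSION_RE = re.compile(r"\d+(\.\d+){0,2}")


def parse_version(text):
    """Turn '7.0.3' into (7, 0, 3); short forms such as '7.0' are zero-padded."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        raise ValueError(f"not a Safari version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    """True if the version falls in the ranges the advisory lists as affected."""
    version = parse_version(version_text)
    major = version[0]
    if major < 6:
        return True  # "6.1.3 and previous versions" covers older branches
    if major in FIXED:
        return version < FIXED[major]
    return False  # assumption: branches after 7.x are outside this advisory


def audit(inventory_lines):
    """Split 'host,version' lines into affected hosts and unreadable entries."""
    affected, unparsed = [], []
    for line in inventory_lines:
        host, _, version = line.strip().partition(",")
        try:
            if is_affected(version):
                affected.append((host, version))
        except ValueError:
            unparsed.append(host)  # surface these; do not silently pass them
    return affected, unparsed


# Constructed sample inventory (hypothetical hosts), not data from the advisory.
SAMPLE = [
    "mac-lab-01,7.0.3", "mac-lab-02,7.0.4", "mac-lab-03,6.1.3",
    "mac-lab-04,6.1.4", "mac-lab-05,5.1.10", "mac-lab-06,unknown",
]

if __name__ == "__main__":
    hits, unknown = audit(SAMPLE)
    for host, version in hits:
        print(f"{host}: Safari {version} needs the update")
    print("could not read version for:", ", ".join(unknown) or "none")
```

Hosts returned in the second list have no readable version and should be checked by hand rather than assumed patched.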