Apple Safari
PUBLIC
=========================================================================
ACROS Security Problem Report #2010-09-08-1
-------------------------------------------------------------------------
ASPR #2010-09-08-1: Remote Binary Planting in Apple Safari for Windows
=========================================================================
Document ID: ASPR #2010-09-08-1-PUB
Vendor: Apple, Inc. (http://www.apple.com)
Target: Apple Safari for Windows
VUPEN Security Research - Apple Safari Selections Handling Use-after-free
Vulnerability (VUPEN-SR-2010-246)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010,
VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote
Use-after-free
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010,
VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling
Integer Overflow
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010,
VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free
Vulnerability (VUPEN-SR-2010-245)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010,
VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote
Use-after-free
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010,
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free
Vulnerability (CVE-2011-1344)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Apple Safari is a web browser developed by Apple. As of February 2010,
Name field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-2702).
The JavaScript garbage collector in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
through 2.2.1 does not properly handle allocation failures, which
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
HTML document that triggers write access to an offset of a NULL
context-dependent attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a large precision
value in the format argument to a printf function, related to an
array overrun. (CVE-2009-0689)
The JavaScript garbage collector in WebKit in Apple Safari before
4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
through 2.2.1 does not properly handle allocation failures, which
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
HTML document that triggers write access to an offset of a NULL
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free
Vulnerability (CVE-2010-1392)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Safari is a web browser developed by Apple. As of February 2010,
VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Safari is a web browser developed by Apple. As of February 2010,
________________________________________________________________________
Apple Safari & Quicktime Denial of Service
________________________________________________________________________
Shameless plug :
------------------------------------------------------------------------
You are invited to join the 2009 edition of HACK.LU, a small but
concentrated Luxembourgish security conference.
More information : http://www.hack.lu - CFP is open, sponsorship is still
Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of
Service Vulnerability
Date: Feb 25 2009
Class: Input Validation Error
Local: Yes
Remote: Yes
Vulnerable Versions:
* Apple Safari 4 (528.16) Public Beta
ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-034
June 8, 2009
-- CVE ID:
CVE-2009-1709
-- Affected Vendors:
Apple
Exploit Code :
#!/usr/bin/env python
#######################################################
#
# Title: Apple Safari <= Tag (heap spray) Remote BOF Exploit (osX)
# Author: eidelweiss
# Special Thank`s to: AL-MARHUM - [D]eal [C]yber - all Senior MEDANHACKER
# Greats: JosS (hackown) , r0073r & 0x1D (inj3ct0r) , kuris (good job beib
LOL)
# Tested on ibook OS X 10.4.11 (ibook g4)
ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-022
May 13, 2009
-- CVE ID:
CVE-2009-0945
-- Affected Vendors:
Apple
ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-045
July 25, 2008
-- CVE ID:
CVE-2008-2317
-- Affected Vendors:
Apple
ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-022
April 16, 2008
-- CVE ID:
CVE-2008-1026
-- Affected Vendors:
Apple
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-109
March 22, 2011
-- CVE ID:
CVE-2011-1417
-- CVSS:
Apple Safari Remote Memory Corruption Vulnerability
2009.June.09
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Apple Safari.
Summary:
========
A memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through a malicious webpage.
Impact:
________________________________________________________________________
Apple Safari Remote code execution (CSS:Attr)
________________________________________________________________________
Shameless plug :
------------------------------------------------------------------------
You are invited to join the 2009 edition of HACK.LU, a small but
concentrated Luxembourgish security conference.
More information : http://www.hack.lu - CFP is open, sponsorship is still
Opera and Firefox contain vulnerable code for handling BMP files with
partial palette. The code allows one to craft a BMP file that leaks
information from the heap. This information can be sent to a remote
server using the canvas tag (HTML 5) and JavaScript.
Also other browsers (for example Apple Safari) contain vulnerable BMP
handling code, but since there is no way of acquiring the image data
(due to not all canvas methods being implemented), it doesn't pose a
serious threat (hmm... then again, maybe the attacker could convince
the user to do a screenshot and send it to the attacker :)
As a matter of fact Apple Safari has a similar problem with certain
[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service
Details
============
Product: Apple Safari Webbrowser
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.apple.com/safari/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010
Apple
-- Affected Products:
Apple Mail
Apple OS X
Apple Safari
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11426.
For further product information on the TippingPoint IPS, visit:
Apple
Google
-- Affected Products:
Apple WebKit
Apple Safari
Google Chrome
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9597.
ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-242
July 27, 2011
-- CVE ID:
CVE-2011-0255
-- CVSS:
-- Affected Products:
Microsoft Internet Explorer
Google Chrome
Mikul Links
Apple Safari
ISC Lynx
-- Vulnerability Details:
Multiple vulnerabilities allow remote attackers to remotely terminate
mission critical web applications on vulnerable installations of Apple
-- Affected Vendors:
Apple
-- Affected Products:
Apple Safari
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10064.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Webkit as utilized by either Apple Safari,
or Google's Chrome browser. User interaction is required to exploit this
vulnerability in that the target must visit a malicious page or open a
malicious file.
The specific flaw exists within how the library handles implicitly
with research colleague Thomas Duebendorfer from Google in Zurich I've
finally had a chance to look deeper into the performance of Web
browser update mechanisms. The analysis of anonymized Google Web
server logs allowed us to compare and rank the update strategies
deployed by
Google Chrome, Mozilla Firefox, Apple Safari, and Opera. We found
considerable differences in the performance of the update techniques
deployed by each browser by measuring the share of the latest minor
version within the same major version during the first 21 days after
its release.