Safari browser
Discovered by: David Vieira-Kurz
http://www.majorsecurity.info
Affected Products:
============
Apple Safari browser 4.0.4 an prior
Original Advisory:
============
http://www.majorsecurity.info/index_2.php?adv=major_rls64
class keyboard-based integer fuzzer this vulnerability would have been left
unearthed.
Apple is going to learn several lessons here, the most important of which is
probably not to let an unsigned short pose as anything other than an unsigned
short. Open up a Safari browser on your favorite chode-sniffing operating
system. Go to a "banned" port like 25 and you'll get an error:
___Not allowed to use restricted network port___ (WebKitErrorDomain:103)
Add 65536 to 25 to make 65561 and revisit the site on this new port-- no such
Jul 20, 2011
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.005 23-Jun-2009
_______________________________________________________________________
Vendor: Apple Inc., http://www.apple.com
Affected Products: Safari Browser 3.2.3 all platforms
Vulnerability: Information disclosure to Denial of Service
Risk: MEDIUM
_______________________________________________________________________
Vendor communication:
Attackers can trigger a successful exploit against a victim user by
triggering user to save a malicious dll file in user's Desktop or if
user's default download save location is his Desktop. This is not a
case at least in the past where there have been cases such as old
versions of Apple Safari Browser automatically saving files in user'
desktop location, which implies that those who still have older
versions of Safari browser (version 3.1.1 and lower) are victims of
this issue.
Product: Safari browser for windows
Tested on: Last version ( 3.0.3 )
Download url :http://www.apple.com/safari/
Demo url: http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov
Bug: Remote arbitry file upload
Impact: Critical
Fix Available: No
-------------------------------------------------------
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.006 23-Jun-2009
_______________________________________________________________________
Vendor: Apple Inc., http://www.apple.com
Affected Products: Safari Browser 3.2.3 all platforms
Vulnerability: Null pointer dereference lead to DoS
Risk: MEDIUM
_______________________________________________________________________
Vendor communication:
Jul 20, 2011
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
Jun 07, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
http://www.apple.com/safari/
II. DESCRIPTION
Remote exploitation of a memory corruption vulnerability in Apple Inc.'s
Safari browser could allow an attacker to execute arbitrary code with
the privileges of the current user.
Safari is Apple's Web browser and is based on the open source WebKit
browser engine.
Jul 20, 2011
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
laurent.gaffie@gmail.com wrote:
>safari browser doesn't prompt for a download, it just download the file
>and send it directly on the desktop, which is totally unsecure on a
>windows operating system.
Firefox will do the same if it's configured that way. Is this the default
behavior with Safari?
I. BACKGROUND
Apple's CoreGraphics library is an API used to create and manipulate
graphical elements. This API is used by many Apple applications,
including the Safari browser on both Windows and Mac OS X.
II. DESCRIPTION
Remote exploitation of a heap memory corruption vulnerability in Apple
Inc.'s CoreGraphics library could allow an attacker to execute
Hello everybody, this time writing to inform them of a vulnerability in the Safari browser for Windows 3.1 which allows falsify the web address and enter another page or content that we want.
Below I attach a proof of concept so they can see what it is doing so simple and so dangerous because it can leverage for many techniques such as phishing.
What makes the proof of concept is simply open a window with the site and we want to forge another function overwrites the content of the page so that we can insertarle from a frame to a fake login what is happening to us.
Without them command more to say greetings from Argentina !!!!!!!
http://es.geocities.com/jplopezy/pruebasafari.html
Jun 08, 2009
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by the
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
Vendor URL:www.apple.com
Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-invalid-sgv-text.html
Vendor notify :Yes exploit available :YES
###################################################
Safari browser for windows is prone vulnerable to a Denial of
service condition , this issue affects webkit.dll and cause a
crash when Safari try to render a SGV image with a very long
font size text style.
Mar 11, 2010
I. BACKGROUND
WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.
http://webkit.org/
II. DESCRIPTION
Hello everybody, this time writing to inform them of a vulnerability in the Safari browser for Windows 3.1 which allows falsify the web address and enter another page or content that we want.
Below I attach a proof of concept so they can see what it is doing so simple and so dangerous because it can leverage for many techniques such as phishing.
What makes the proof of concept is simply open a window with the site and we want to forge another function overwrites the content of the page so that we can insertarle from a frame to a fake login what is happening to us.
Without them command more to say greetings from Argentina !!!!!!!
http://es.geocities.com/jplopezy/pruebasafari.html
|
