Safari web browser

[MajorSecurity Advisory #64] Apple Safari 4.0.4 Denial of Service

Discovered by: David Vieira-Kurz
http://www.majorsecurity.info

Affected Products:
============
Apple Safari browser 4.0.4 and prior

Original Advisory:
============
http://www.majorsecurity.info/index_2.php?adv=major_rls64


n.runs-SA-2009.006 - Apple Safari - Null pointer dereference

http://www.nruns.com/                             security(at)nruns.com
n.runs-SA-2009.006                                          23-Jun-2009
_______________________________________________________________________

Vendor:                Apple Inc., http://www.apple.com
Affected Products:     Safari Browser 3.2.3 all platforms
Vulnerability:         Null pointer dereference leads to DoS
Risk:                  MEDIUM
_______________________________________________________________________

Vendor communication:

Safari for Windows remote arbitrary file upload

Product: Safari browser for Windows
Tested on: Last version (3.0.3)
Download url: http://www.apple.com/safari/
Demo url: http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov
Bug: Remote arbitrary file upload
Impact: Critical
Fix Available: No

-------------------------------------------------------


Safari browser port blocking bypassed by integer overflow

class keyboard-based integer fuzzer this vulnerability would have been left 
unearthed.

Apple is going to learn several lessons here, the most important of which is 
probably not to let an unsigned short pose as anything other than an unsigned 
short. Open up a Safari browser on your favorite chode-sniffing operating 
system. Go to a "banned" port like 25 and you'll get an error:

___Not allowed to use restricted network port___ (WebKitErrorDomain:103) 

Add 65536 to 25 to make 65561 and revisit the site on this new port-- no such

n.runs-SA-2009.005 - Apple Safari - Information disclosure

http://www.nruns.com/                             security(at)nruns.com
n.runs-SA-2009.005                                          23-Jun-2009
_______________________________________________________________________

Vendor:                Apple Inc., http://www.apple.com
Affected Products:     Safari Browser 3.2.3 all platforms
Vulnerability:         Information disclosure to Denial of Service 
Risk:                  MEDIUM
_______________________________________________________________________

Vendor communication:

Re: Safari for Windows remote arbitrary file upload

laurent.gaffie@gmail.com wrote:

>Safari browser doesn't prompt for a download, it just downloads the file
>and sends it directly to the desktop, which is totally insecure on a
>Windows operating system.

Firefox will do the same if it's configured that way.  Is this the default
behavior with Safari?


iDefense Security Advisory 06.07.10: Multiple Vendor WebKit HTML Caption Use After Free Vulnerability

Jun 07, 2010

I. BACKGROUND

WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.

http://webkit.org/

II. DESCRIPTION

iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability

Mar 11, 2010

I. BACKGROUND

WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.

http://webkit.org/

II. DESCRIPTION

iDefense Security Advisory 06.11.09: Multiple Vendor WebKit Error Handling Use After Free Vulnerability

Jun 08, 2009

I. BACKGROUND

WebKit is an open source web browser engine. It is currently used by
Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For
more information, see the vendor's site at the following link.

http://webkit.org/

II. DESCRIPTION

Safari browser 3.1 (525.13) spoofing

Hello everybody, this time I am writing to inform you of a vulnerability in the Safari browser for Windows 3.1 which allows falsifying the web address and loading another page or content that we want.

Below I attach a proof of concept so you can see what it does; it is so simple and so dangerous because it can be leveraged for many techniques such as phishing.

What the proof of concept does is simply open a window with the site we want to forge, and another function overwrites the content of the page so that we can insert into it anything from a frame to a fake login, whatever occurs to us.

With nothing more to say, greetings from Argentina !!!!!!!

http://es.geocities.com/jplopezy/pruebasafari.html






Copyright © 1995-2012 LinuxRocket.net. All rights reserved.