Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
(Apple Issues Fix for Safari) Apple iPhone Multiple Bugs Let Remote Users Execute Arbitrary Code and Redirect FaceTime Calls
|
|
SecurityTracker Alert ID: 1024758 |
|
SecurityTracker URL: http://securitytracker.com/id/1024758
|
|
CVE Reference:
CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815
(Links to External Site)
|
Date: Nov 18 2010
|
Impact:
Execution of arbitrary code via network, Modification of system information, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Multiple vulnerabilities were reported in Apple iPhone. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can redirect FaceTime calls. Apple Safari is affected by some of these vulnerabilities.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a double free memory error in the processing of inline elements and execute arbitrary code on the target system [CVE-2010-1781].
James Robinson of Google, Inc. reported this vulnerability.
A remote user in a privileged network position may be able to exploit a certificate validation flaw to redirect FaceTime calls [CVE-2010-1810].
Aaron Sigel of vtty.com reported this vulnerability.
A remote user can create specially crafted TIFF image that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-1811].
Apple reported this vulnerability.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free memory error in the processing of selections and execute arbitrary code on the target system [CVE-2010-1812].
Ojan Vafai of Google, Inc. reported this vulnerability.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-1813].
Jose A. Vazquez of spa-s3c.blogspot.com reported this vulnerability.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error in the processing of form menus and execute arbitrary code on the target system [CVE-2010-1814].
Csaba Osztrogonac of University of Szeged reported this vulnerability.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free memory error in the processing of scrollbars and execute arbitrary code on the target system [CVE-2010-1815].
Tony Chang of Google, Inc reported this vulnerability.
A remote user can create specially crafted GIF image that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2010-1817].
Tom Ferris of Adobe PSIRT reported this vulnerability.
An application may use location services but not announce this through VoiceOver [CVE-2010-1809].
Robin Kipp of Forever Living Products Europe reported this vulnerability.
|
Impact:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user may be able to redirect FaceTime calls.
|
Solution:
Apple has issued a fix (4.1.3, 5.0.3) for Safari for CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, and CVE-2010-1815, available via the Apple Software Update application, or at:
http://www.apple.com/safari/download/
http://www.apple.com/support/downloads/
Safari for Mac OS X v10.6.4 and later
The download file is named: Safari5.0.3SnowLeopard.dmg
Its SHA-1 digest is: 83e91419951bc0b58d09c82df94571b1cb03dda5
Safari for Mac OS X v10.5.8
The download file is named: Safari5.0.3Leopard.dmg
Its SHA-1 digest is: 32f56ef034fdb666448b15cab1ebab8d712afe21
Safari for Mac OS X v10.4.11
The download file is named: Safari4.1.3Tiger.dmg
Its SHA-1 digest is: c8fcfbe751fd6d01e483cc61233e8fb17382b6df
Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: a1d08e983476555688430f89b2252fa4d2be2df1
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: d20ecb88756d60b34fac77579853ef139d2de0ed
Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 76e9c25613a29c460f9715e41aa121673bdae6be
The Apple advisory is available at:
http://support.apple.com/kb/HT4455
|
Vendor URL: support.apple.com/kb/HT1222 (Links to External Site)
|
Cause:
Access control error, Authentication error, Boundary error
|
Underlying OS:
UNIX (OS X), Windows (7), Windows (Vista), Windows (XP)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 18 Nov 2010 17:44:53 +0000
Subject: Apple Safari
|
CVE-2010-1812
CVE-2010-1813
CVE-2010-1814
CVE-2010-1815
|
|
Go to the Top of This SecurityTracker Archive Page
|
