SecurityTracker.com
Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple Computer
(Apple Issues Fix for Apple Safari) Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1025827
SecurityTracker URL:  http://securitytracker.com/id/1025827
CVE Reference:   CVE-2011-0164   (Links to External Site)
Date:  Jul 22 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Apple iTunes. A remote user can cause arbitrary code to be executed on the target user's system. Apple Safari is affected.

A remote user can create a specially crafted JPEG image that, when loaded by the target user, will trigger a heap overflow in ImageIO and execute arbitrary code on the target system [CVE-2011-0170]. The code will run with the privileges of the target user. Andrzej Dyjak reported this vulnerability via iDefense VCP.

A remote user can create a specially crafted JPEG encoded TIFF image that, when loaded by the target user, will trigger a buffer overflow in ImageIO and execute arbitrary code on the target system [CVE-2011-0191]. The code will run with the privileges of the target user.

A remote user can create a specially crafted CCITT Group 4 encoded TIFF image that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2011-0192]. The code will run with the privileges of the target user.

A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a double free error and execute arbitrary code on the target system [CVE-2010-4494]. The code will run with the privileges of the target user. Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences, reported this vulnerability.

A remote user can create a specially crafted XML file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-4008]. The code will run with the privileges of the target user. Bui Quang Minh from Bkis (www.bkis.com) reported this vulnerability.

A remote user with the ability to conduct a man-in-the-middle attack can trigger multiple memory corruption errors in WebKit while the target user browses the iTunes Store via iTunes to execute arbitrary code on the target user's system [

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   Apple has issued a fix for CVE-2011-0164 for Safari (5.0.6, 5.1), available via the Apple Software Update application, or Apple's Safari download site at:

http://www.apple.com/safari/download/

Safari 5.1 is provided for Mac OS X v10.6 and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems.

Safari for Mac OS X v10.6.8 and later
The download file is named: Safari5.1SnowLeopard.dmg
Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24

Safari for Mac OS X v10.5.8
The download file is named: Safari5.0.6Leopard.dmg
Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f

Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b

Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9
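
To check a downloaded installer against the digests listed above before running it, the following added example (not part of the original advisory or of Apple's tooling) streams the file through SHA-1 and compares the result with the published value for that file name. The function names and the three status strings are this example's own.

```python
import hashlib
import hmac
import os

# File names and SHA-1 digests exactly as listed in the advisory above.
PUBLISHED_SHA1 = {
    "Safari5.1SnowLeopard.dmg": "2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24",
    "Safari5.0.6Leopard.dmg": "ea970375d2116a7b74094a2a7669bebc306b6e6f",
    "SafariSetup.exe": "d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36",
    "Safari_Setup.exe": "ccb3bb6b06468a430171d9f62708a1a6d917f45b",
    "SafariQuickTimeSetup.exe": "1273e0ee742a294d65e4f25a9b3e36f79fb517c9",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(path, published=PUBLISHED_SHA1):
    """Return (status, actual_digest) for a downloaded installer.

    status is "match", "mismatch", or "unknown-file" when the file name is
    not one of those listed in the advisory (for example after a rename).
    """
    name = os.path.basename(path)
    expected = published.get(name)
    actual = sha1_of_file(path)
    if expected is None:
        return "unknown-file", actual
    # Normalise case and whitespace of the published value before comparing.
    ok = hmac.compare_digest(actual, expected.strip().lower())
    return ("match" if ok else "mismatch"), actual


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        status, actual = check_download(arg)
        print(f"{status:12} {actual}  {arg}")
```

A file saved under a different name (such as a browser-appended " (1)" suffix) reports `unknown-file` along with its digest, so the value can still be compared by eye against the list.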

The Apple advisory is available at:

http://support.apple.com/kb/HT4808

Vendor URL:  support.apple.com/kb/HT4554 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:   UNIX (OS X), Windows (7), Windows (Vista), Windows (XP)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 3 2011 Apple iTunes Multiple Flaws Let Remote Users Execute Arbitrary Code



 Source Message Contents

Date:  Wed, 20 Jul 2011 22:09:47 +0000
Subject:  Apple Safari


WebKit
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact:  Applications that use WebKit, such as mail clients, may
connect to an arbitrary DNS server upon processing HTML content
Description:  DNS prefetching was enabled by default in WebKit.
Applications that use WebKit, such as mail clients, may connect to
an arbitrary DNS server upon processing HTML content. This update
addresses the issue by requiring applications to opt in to DNS
prefetching.
CVE-ID
CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.

WebKit
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
Visiting a maliciously crafted website may lead to an unexpected
application termination or arbitrary code execution.
CVE-ID
CVE-2011-0164 : Apple

libxslt
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to the
disclosure of addresses on the heap
Description:  libxslt's implementation of the generate-id() XPath
function disclosed the address of a heap buffer. Visiting a
maliciously crafted website may lead to the disclosure of addresses
on the heap. This issue is addressed by generating an ID based on the
difference between the addresses of two heap buffers. For Mac OS X
v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac
OS X v10.5 systems, this issue is addressed in Security Update
2011-004.
CVE-ID
CVE-2011-0195 : Chris Evans of the Google Chrome Security Team

ColorSync
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description:  An integer overflow existed in the handling of images
with an embedded ColorSync profile, which may lead to a heap buffer
overflow. Opening a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution. For Mac OS X v10.5 systems, this issue
is addressed in Security Update 2011-004.
CVE-ID
CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day
Initiative

CoreFoundation
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Applications that use the CoreFoundation framework may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description:  An off-by-one buffer overflow issue existed in the
handling of CFStrings. Applications that use the CoreFoundation
framework may be vulnerable to an unexpected application termination
or arbitrary code execution. For Mac OS X v10.6 systems, this issue
is addressed in Mac OS X v10.6.8.
CVE-ID
CVE-2011-0201 : Harry Sintonen

CoreGraphics
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow issue existed in the handling of
Type 1 fonts. Viewing or downloading a document containing a
maliciously crafted embedded font may lead to arbitrary code
execution. For Mac OS X v10.6 systems, this issue is addressed in Mac
OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in
Security Update 2011-004.
CVE-ID
CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert
of the Google Security Team

ImageIO
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in ImageIO's handling of
TIFF images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. For
Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
For Mac OS X v10.5 systems, this issue is addressed in Security
Update 2011-004.
CVE-ID
CVE-2011-0204 : Dominic Chell of NGS Secure

International Components for Unicode
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description:  A buffer overflow issue existed in ICU's handling of
uppercase strings. Applications that use ICU may be vulnerable to an
unexpected application termination or arbitrary code execution. For
Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
CVE-ID
CVE-2011-0206 : David Bienvenu of Mozilla

WebKit
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,
Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
Visiting a maliciously crafted website may lead to an unexpected
application termination or arbitrary code execution.
CVE-ID
CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with
iDefense VCP
CVE-2011-1451 : Sergey Glazunov



 
 



Copyright 2013, SecurityGlobal.net LLC