SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Browser)  >   Apple Safari Vendors:   Apple Computer
Apple Safari Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
SecurityTracker Alert ID:  1027550
SecurityTracker URL:  http://securitytracker.com/id/1027550
CVE Reference:   CVE-2012-3713, CVE-2012-3714, CVE-2012-3715, CVE-2012-3598   (Links to External Site)
Date:  Sep 20 2012
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.0.1
Description:   Several vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information.

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target system [CVE-2012-3598]. The code will run with the privileges of the target user. Apple Product Security reported this vulnerability.

A remote user can create a specially crafted HTML that, when downloaded and opened by the target user, will exploit a flaw in the quarantine function and be able to access files and resources with the privileges of the target user [CVE-2012-3713]. Aaron Sigel of vtty.com and Masahiro Yamada reported this vulnerability.

A remote user can create specially crafted HTML that, when accessed by a target user using the AutoFill feature, will access information from the Address Book "Me" card that was not included in the Autofill popover [CVE-2012-3714]. Jonathan Hogervorst of Buzzera reported this vulnerability.

When a user edits an HTTPS URL in the address bar, the request may be unexpectedly sent via HTTP [CVE-2012-3715]. Aaron Rhoads of East Watch Services LLC and Pepi Zawodsky reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (6.0.1).

Safari 6.0.1 is included with OS X Mountain Lion v10.8.2.

The vendor's advisory is available at:

http://support.apple.com/kb/HT5502

Vendor URL:  support.apple.com/kb/HT5502 (Links to External Site)
Cause:   Access control error, State error
Underlying OS:   UNIX (OS X)

Message History:   None.


 Source Message Contents

Date:  Thu, 20 Sep 2012 03:46:15 +0000
Subject:  Apple Safari


Excerpt from APPLE-SA-2012-09-19-3 Safari 6.0.1

Safari
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description:  In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files. This issue was
addressed by properly detecting the existence of the Quarantine
attribute.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada

Safari
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description:  A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover. This issue was
addressed by limiting Autofill to the fields contained in the
popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera

Safari
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description:  A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP. This issue was
addressed by improved handling of HTTPS URLs.
CVE-ID
CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi
Zawodsky

WebKit
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-2012-3598 : Apple Product Security

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC