SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Apple Safari Vendors:   Apple
(Apple Issues Fix for iOS) Apple Safari Memory Corruption Errors Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024412
SecurityTracker URL:  http://securitytracker.com/id/1024412
CVE Reference:   CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1791, CVE-2010-1793   (Links to External Site)
Date:  Sep 9 2010
Impact:   Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 4.1.1, 5.0
Description:   Several vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks.

The software does do not properly filter HTML code from user-supplied input in RSS feeds before displaying the input [CVE-2010-1778]. A remote user can create a specially crafted RSS feed that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. This can be exploited to access files on the target user's system. Billy Rios of the Google Security Team reported this vulnerability.

A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

The processing of element focus in WebKit can cause code execution [CVE-2010-1780]. Tony Chang of Google, Inc. reported this vulnerability.

The rendering of inline elements in WebKit can cause code execution [CVE-2010-1782]. wushi of team509 reported this vulnerability.

The handling of dynamic modifications to text nodes in WebKit can cause code execution [CVE-2010-1783].

The handling of CSS counters in WebKit can cause code execution [CVE-2010-1784]. wushi of team509 reported this vulnerability via TippingPoint's Zero Day Initiative.

SVG text elements with specially crafted :first-letter and :first-line pseudo-elements can cause cause code execution [CVE-2010-1785]. wushi of team509 reported this vulnerability via TippingPoint's Zero Day Initiative.

SVG documents with specially crafted foreignObject elements can trigger code execution [CVE-2010-1786]. wushi of team509 reported this vulnerability via TippingPoint's Zero Day Initiative.

SVG documents with specially crafted floating elements can trigger code execution [CVE-2010-1787].

SVG documents with specially crafted 'use' elements can trigger code execution [CVE-2010-1788]. Justin Schuh of Google, Inc. reported this vulnerability.

Specially crafted JavaScript string objects can trigger a buffer overflow and cause code execution [CVE-2010-1789]. The vendor reported this vulnerability.

The handling of just-in-time compiled JavaScript stubs in WebKit can cause code execution [CVE-2010-1790].

The handling of JavaScript arrays can trigger a signedness issue in WebKit can cause code execution [CVE-2010-1791]. Natalie Silvanovich reported this vulnerability.

The handling of regular expressions in WebKit can cause code execution [CVE-2010-1792]. Peter Varga of University of Szeged reported this vulnerability.

SVG documents with specially crafted 'font-face' and 'use' elements can cause code execution [CVE-2010-1793]. Aki Helin of OUSPG reported this vulnerability.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can access files on the target user's system.

Solution:   Apple has issued a fix for iOS (4.1) for CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1791, and CVE-2010-1793.

The Apple advisory is available at:

http://support.apple.com/kb/HT1222

Vendor URL:  support.apple.com/kb/HT4276 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Apple (iOS)
Underlying OS Comments:  2.0 - 4.0.2

Message History:   This archive entry is a follow-up to the message listed below.
Jul 28 2010 Apple Safari Memory Corruption Errors Let Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC