SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Apple Safari Vendors:   Apple
(Apple Issues Fix for Safari) Blackberry Device Software Bug in WebKit Lets Remote Users Execute Code
SecurityTracker Alert ID:  1025364
SecurityTracker URL:  http://securitytracker.com/id/1025364
CVE Reference:   CVE-2011-1290   (Links to External Site)
Date:  Apr 14 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.0.5
Description:   A vulnerability was reported in Blackberry Device Software. A remote user can cause arbitrary code to be executed on the target user's system. Apple Safari is affected.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code on the target system.

The code can access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not email and other personal information stored on the file system of the BlackBerry smartphone.

The following devices are affected:

* BlackBerry Bold 9650 smartphone
* BlackBerry Bold 9700 smartphone
* BlackBerry Bold 9780 smartphone
* BlackBerry Curve 9300 Series
* BlackBerry Pearl 9100 Series
* BlackBerry Style 9670 smartphone
* BlackBerry Torch 9800 smartphone

This vulnerability was demonstrated at the Pwn2Own 2011 Contest.

Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers reported this vulnerability via TippingPoint's Zero Day Initiative.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Apple has issued a fix for Apple Safari (5.0.5), which is affected by this vulnerability, available via the Apple Software Update application, or Apple's Safari download site at:

http://www.apple.com/safari/download/

Safari for Mac OS X v10.6.5 and later
The download file is named: Safari5.0.5SnowLeopard.dmg
Its SHA-1 digest is: 631cd280171938491c45a905e24904e7739eaefe

Safari for Mac OS X v10.5.8
The download file is named: Safari5.0.5Leopard.dmg
Its SHA-1 digest is: 661cdb68ca33b8eb41f20be837eb6a1c12289876

Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: c2c6b1f5c04af7f24d2474e4b2597d40dddaeca2

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: e245b935fc0aaec31a512fa0ab9dce2dcec0b2f8

Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 5f1455cd2290e9ced03dfbb6ea57b4c2931446a5

The vendor's advisory is available at:

http://support.apple.com/kb/HT4596

Cause:   Not specified
Underlying OS:  UNIX (macOS/OS X), Windows (7), Windows (Vista), Windows (XP)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 15 2011 Blackberry Device Software Bug in WebKit Lets Remote Users Execute Code



 Source Message Contents

Subject:  APPLE-SA-2011-04-14-3 Safari 5.0.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-04-14-3 Safari 5.0.5

Safari 5.0.5 is now available and addresses the following:

WebKit
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later,
Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow issue existed in the handling of
nodesets. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp
Weinmann, and an anonymous researcher working with TippingPoint's
Zero Day Initiative

WebKit
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later,
Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use after free issue existed in the handling of text
nodes. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2011-1344 : Vupen Security working with TippingPoint's Zero Day
Initiative, and Martin Barbella


Note:

Certificate Trust Policy

Several fraudulent SSL certificates were issued by a Comodo affiliate
registration authority. This may allow a man-in-the-middle attacker
to redirect connections and intercept user credentials or other
sensitive information. Safari relies on the certificate store of the
host operating system to determine if an SSL server certificate is
trustworthy. For Mac OS X systems, this issue is addressed with
Security Update 2011-002. For iOS, this issue is addressed with iOS
4.3.2 and iOS 4.2.7. For Windows systems, applying the update
described in Microsoft Knowledge Base Article 2524375 will cause
Safari to regard these certificates as untrusted. The article is
available at http://support.microsoft.com/kb/2524375


Safari 5.0.5 is available via the Apple Software Update
application, or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari for Mac OS X v10.6.5 and later
The download file is named: Safari5.0.5SnowLeopard.dmg
Its SHA-1 digest is: 631cd280171938491c45a905e24904e7739eaefe

Safari for Mac OS X v10.5.8
The download file is named: Safari5.0.5Leopard.dmg
Its SHA-1 digest is: 661cdb68ca33b8eb41f20be837eb6a1c12289876

Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: c2c6b1f5c04af7f24d2474e4b2597d40dddaeca2

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: e245b935fc0aaec31a512fa0ab9dce2dcec0b2f8

Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 5f1455cd2290e9ced03dfbb6ea57b4c2931446a5

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJNphlUAAoJEGnF2JsdZQee1GkH/iuQ6LP4y5nBIDA9aEdIxf0W
Ck8983LqH5dQJOWa3kdvA2//DRdW0mhaZrOWkECa2NvWiz+FoDkbAm531shpuKvc
8AgVBjDs/bZzJRmOmmbbGaJBzFLc7lzrf5RxKoKzvfgPsNqT/wBqssv74C2b2vjf
LqJuZg0zZ6tvGCzg+J9q/h8w1nUk8Gc52TLaL0Nw+Y+Uu7eEgk2Gt1iiEKh4v6Nv
hEEcPrepF8zYljS/UPX8LKG7TREHazyXB7iIxo14tx02ZZQzvOcp6TuVkr28CxF+
n3VyD/FFyOgwvtQiep7i551PFbGlboOgZ2jFyv0Ad7tgT5BJJQqOrF5pPM/zn9A=
=4V8l
-----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC