SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple
Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1025816
SecurityTracker URL:  http://securitytracker.com/id/1025816
CVE Reference:   CVE-2010-1383, CVE-2010-1420, CVE-2010-1823, CVE-2011-0214, CVE-2011-0215, CVE-2011-0216, CVE-2011-0217, CVE-2011-0218, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0241, CVE-2011-0242, CVE-2011-0244, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797, CVE-2011-3443
Updated:  Mar 3 2012
Original Entry Date:  Jul 20 2011
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 5.0.6 and 5.1
Description:   Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information. A remote user can bypass a certificate validation control.

A remote user can replay NTLM authentication data to authenticate to a target system [CVE-2010-1383]. Only Windows-based systems are affected.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-1823, CVE-2011-0216, CVE-2011-1774, CVE-2011-1797, CVE-2011-1296, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-0218, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-0221, CVE-2011-0222, CVE-2011-0223, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0237, CVE-2011-0238, CVE-2011-0240, CVE-2011-0253, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-3443]. The code will run with the privileges of the target user.

A remote user can create a specially crafted TIFF file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2011-0215, CVE-2011-0241]. The code will run with the privileges of the target user. Only Windows-based systems are affected.

A remote user can create a specially crafted web site that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser [CVE-2011-1295, CVE-2011-0242]. The code will originate from the site and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can create a page with the 'text/plain' content type that, when loaded by the target user, will be treated as HTML. A remote user can exploit this to conduct cross-site scripting attacks [CVE-2010-1420].

CFNetwork does not properly validate remote certificates: it may ignore that a system root certificate has been disabled and incorrectly accept certificates signed by that root certificate [CVE-2011-0214].

On systems with the 'AutoFill web forms' feature enabled, a remote user can create a specially crafted web site that, when loaded by the target user and when the target user types on the web site, will obtain information from hidden, auto-filled forms on the target user's browser [CVE-2011-0217].

With a certain Java configuration, a remote user can create a specially crafted web site that, when loaded by the target user, will cause text to be displayed on other sites [CVE-2011-0219].

A remote user can create a specially crafted link within an RSS feed that, when subscribed to and clicked on by the target user, will obtain information from the target user's system [CVE-2011-0244].

A remote user can create a specially crafted web site that, when loaded by the target user, will spoof the address bar URL [CVE-2011-1107].

A remote user can create a specially crafted website that, when loaded by the target user, will obtain information from the target user's system [CVE-2011-1190].

The following researchers reported these vulnerabilities:

Takehiro Takahashi of IBM X-Force Research, Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security, David Weston of Microsoft and Microsoft Vulnerability, an anonymous reporter, Juan Pablo Lopez Yacubian working with iDefense VCP, Billy Rios of the Google Security Team, Florian Rienhardt of BSI, Alex Lambert, Jeremiah Grossman, SkyLined of Google Chrome Security Team, Joshua Smith of Kaon Interactive, Abhishek Arya (Inferno) of Google Chrome Security, Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP, J23 working with TippingPoint's Zero Day Initiative, wushi of team509 working with both TippingPoint's Zero Day Initiative and iDefense VCP, Rob King working with TippingPoint's Zero Day Initiative, Adam Barth of Google Chrome Security Team, Cyril CATTIAUX of Tessi Technologies, Jobert Abma of Online24, Jason Hullinger, Richard Keen, an anonymous researcher working with TippingPoint's Zero Day Initiative, Rik Cabanier of Adobe Systems, Inc., Martin Barbella, Jordi Chancel, Sergey Glazunov, miaubiz, Daniel Divricean of divricean.ro, Andreas Kling of Nokia, John Knottenbelt of Google, and Nicolas Gregoire of Agarri.

Impact:   A remote user can create a file or HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can obtain potentially sensitive information.

A remote user can bypass a certificate validation control.

Solution:   The vendor has issued a fix (5.0.6, 5.1), available via the Apple Software Update application, or Apple's Safari download site at:

http://www.apple.com/safari/download/

Safari 5.1 is provided for Mac OS X v10.6 and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems.

Safari for Mac OS X v10.6.8 and later
The download file is named: Safari5.1SnowLeopard.dmg
Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24

Safari for Mac OS X v10.5.8
The download file is named: Safari5.0.6Leopard.dmg
Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f

Safari for Windows 7, Vista or XP
The download file is named: SafariSetup.exe
Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b

Safari+QuickTime for Windows 7, Vista or XP
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9
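
Added example (not part of the SecurityTracker entry or Apple's advisory): a Python check that parses the file-name/digest listing above and compares a downloaded installer's SHA-1 against it. The function names are illustrative, and a match is only as trustworthy as the channel the digest list was obtained over.

```python
import hashlib
import re
from pathlib import Path

# Listing copied from the Solution section of this advisory.
ADVISORY_TEXT = """\
The download file is named: Safari5.1SnowLeopard.dmg
Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24
The download file is named: Safari5.0.6Leopard.dmg
Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f
The download file is named: SafariSetup.exe
Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36
The download file is named: Safari_Setup.exe
Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9
"""

# Matches both "The download file is named:" and "The file is named:" entries.
ENTRY = re.compile(r"file is named:\s*(\S+)\s+Its SHA-1 digest is:\s*([0-9a-fA-F]{40})\b")

def parse_digests(text):
    """Map each published file name to its lower-case SHA-1 digest."""
    return {m[1]: m[2].lower() for m in ENTRY.finditer(text)}

def sha1_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published):
    """Return (ok, reason); fails closed on names the advisory does not list."""
    name = Path(path).name
    expected = published.get(name)
    if expected is None:
        return False, f"{name}: not listed in the advisory"
    actual = sha1_of(path)
    if actual == expected:
        return True, f"{name}: SHA-1 matches"
    return False, f"{name}: SHA-1 mismatch (got {actual})"

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(verify_download(p, parse_digests(ADVISORY_TEXT)))
```

Because the lookup is keyed on the file name, a renamed installer is reported as not listed rather than silently accepted.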

The vendor's advisory is available at:

http://support.apple.com/kb/HT4808

Vendor URL:  support.apple.com/kb/HT4808
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  UNIX (macOS/OS X), Windows (7), Windows (Vista), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 12 2011 (Apple Issues Fix for iTunes) Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information
Apple has issued a fix for iTunes.




Copyright 2021, SecurityGlobal.net LLC