SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple
Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1029505
SecurityTracker URL:  http://securitytracker.com/id/1029505
CVE Reference:   CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5227, CVE-2013-5228
Updated:  Dec 17 2013
Original Entry Date:  Dec 17 2013
Impact:   Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 6.1.1 and 7.0.1
Description:   Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information.

A remote user can create HTML that, when loaded by the target user, will cause the browser to autofill user credentials to a subframe from a different domain [CVE-2013-5227]. Niklas Malmgren of Klarna AB reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in WebKit and execute arbitrary code on the target system [CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228]. The code will run with the privileges of the target user. Apple, Keen Team (@K33nTeam) (via HP's Zero Day Initiative), and the Google Chrome Security Team reported these vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (6.1.1, 7.0.1).

The fix is also included in OS X Mavericks 10.9.1 [APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1].

The vendor's advisories are available at:

http://support.apple.com/kb/HT6082
http://support.apple.com/kb/HT6084

Vendor URL:  support.apple.com/kb/HT6082
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.
Copyright 2020, SecurityGlobal.net LLC