SecurityTracker.com
Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple
Apple Safari WebKit Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1031647
SecurityTracker URL:  http://securitytracker.com/id/1031647
CVE Reference:   CVE-2014-3192, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479
Date:  Jan 28 2015
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to versions 6.2.3, 7.1.3, 8.0.3
Description:   Several vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.

cloudfuzzer, lokihardt@ASRT (via HP's Zero Day Initiative), and Apple reported these vulnerabilities.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix (6.2.3, 7.1.3, 8.0.3).

The vendor's advisory is available at:

http://support.apple.com/en-us/HT204243

Vendor URL:  support.apple.com/en-us/HT204243
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3

APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3

Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and
address the following:

WebKit
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-3192 : cloudfuzzer
CVE-2014-4476 : Apple
CVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day
Initiative
CVE-2014-4479 : Apple


Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 may be obtained from
the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


 
 



Copyright 2018, SecurityGlobal.net LLC