SecurityTracker.com
Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple
Apple Safari Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Spoof the User Interface
SecurityTracker Alert ID:  1035354
SecurityTracker URL:  http://securitytracker.com/id/1035354
CVE Reference:   CVE-2009-2197, CVE-2016-1771, CVE-2016-1772
Date:  Mar 22 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 9.1
Description:   Several vulnerabilities were reported in Apple Safari. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof the user interface.

A remote user can create specially crafted HTML that, when loaded by the target user, will spoof user interface dialog text [CVE-2009-2197].

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an input validation flaw in the processing of certain files and cause denial of service conditions on the target system [CVE-2016-1771].

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a cookie storage flaw in Safari Top Sites that can be used to track potentially sensitive information [CVE-2016-1772].

Alexios Fakos of n.runs AG, Russ Cox, and WoofWagly reported these vulnerabilities.

Impact:   A remote user can cause denial of service conditions on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can spoof the user interface.

Solution:   The vendor has issued a fix (9.1).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT206171

Vendor URL:  support.apple.com/en-us/HT206171
Cause:   Access control error, Input validation error, Resource error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC