SecurityTracker.com
SecurityTracker
Archives

Category:  Application (Web Browser) > Apple Safari
Vendors:  Apple
Apple Safari Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information, Spoof the Address Bar, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code
SecurityTracker Alert ID:  1036854
SecurityTracker URL:  http://securitytracker.com/id/1036854
CVE Reference:   CVE-2016-4611, CVE-2016-4618, CVE-2016-4728, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4751, CVE-2016-4758, CVE-2016-4759, CVE-2016-4760, CVE-2016-4762, CVE-2016-4763, CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769
Date:  Sep 21 2016
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 10.0
Description:   Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass security controls on the target system. A remote user can spoof the address bar. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information.

The Safari Reader does not properly filter HTML code from user-supplied input before displaying the input [CVE-2016-4618]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from an arbitrary site and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can exploit a tab session state management flaw to spoof the address bar [CVE-2016-4751].

A remote user can exploit a permissions flaw in the handling of the location variable to obtain potentially sensitive information [CVE-2016-4758].

A remote user in a privileged network position can exploit a certificate validation flaw to access and modify network traffic from applications that use WKWebView with HTTPS [CVE-2016-4763].

A remote web site can return specially crafted HTTP/0.9 responses to access non-HTTP services on the target system [CVE-2016-4760].

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Various memory corruption errors may occur [CVE-2016-4611, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4759, CVE-2016-4762, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4733, CVE-2016-4765, CVE-2016-4769].

A parsing flaw may occur in the handling of error prototypes [CVE-2016-4728].

An anonymous researcher, Daniel Chatfield of Monzo Bank, Daniel Divricean, Masato Kinugawa of Cure53, Natalie Silvanovich of Google Project Zero, Andre Bargull, Tongbo Luo of Palo Alto Networks, Zheng Huang of Baidu Security Lab, Anonymous (via Trend Micro's Zero Day Initiative), and Jordan Milne reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can bypass security controls on the target system.

A remote user can spoof the address bar.

A remote user can obtain potentially sensitive information.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has issued a fix (10.0).

The vendor advisory is available at:

https://support.apple.com/en-us/HT207157

Vendor URL:  support.apple.com/en-us/HT207157
Cause:   Access control error, Boundary error, Input validation error, State error
Underlying OS:  UNIX (macOS/OS X)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 21 2016 (Apple Issues Fix for Apple iTunes) Apple Safari Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information, Spoof the Address Bar, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code
Apple has issued a fix for Apple iTunes for Windows.

Source Message Contents:  [Original Message Not Available for Viewing]