Safari 4.1.3 and Safari 5.0.3: Arbitrary Code Execution Vulnerability

Users of Safari 5.0.3 and Safari 4.1.3, please be advised that an arbitrary code execution vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

APPLE-SA-2010-11-18-1: [APPLE-SA-2010-11-18-1] Safari 5.0.3 and Safari 4.1.3
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow exists in WebKit’s handling of strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 for reporting this issue.

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit’s handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to thabermann for reporting this issue.

Read more at http://www.criticalwatch.com

 
