Apple Safari: Use-after-free Arbitrary Code Execution Vulnerability

Users of Apple Safari please be advised of an arbitrary code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

VUPEN-SR-2010-245: [VUPEN-SR-2010-245] Apple Safari – Use-after-free Issue
DESCRIPTION
———————

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free in WebKit when handling
scrollbars, which could be exploited by remote attackers to execute
arbitrary code by tricking a user into visiting a specially crafted web
page.

Read more at http://www.criticalwatch.com

 

Advertisements