| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Mar 2010 18:52:35 +0100 From: "VUPEN Security Research" <advisories@...en.com> To: <bugtraq@...urityfocus.com> Subject: VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser, with 4.45% of the worldwide usage share of web browsers according to Net Application." II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a vulnerability in Apple Safari. The flaw is caused by an integer overflow error in ColorSync when processing certain images with an embedded color profile, which could be exploited by attackers to potentially execute arbitrary code via a specially crafted web page. III. AFFECTED PRODUCTS -------------------------------- Apple Safari versions prior to 4.0.5 IV. Exploits - PoCs & Binary Analysis ---------------------------------------- In-depth binary analysis of the vulnerability and a proof-of-concept have been released by VUPEN through the VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits V. SOLUTION ---------------- Upgrade to Apple Safari 4.0.5: http://www.apple.com/safari/download/ VI. CREDIT -------------- The vulnerability was discovered by Sebastien Renaud of VUPEN Security VII. ABOUT VUPEN Security --------------------------------- VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. VUPEN also provides in-depth binary analysis of vulnerabilities and commercial-grade exploit codes to help security vendors, governments, and corporations to evaluate and qualify risks, and protect their infrastructures and assets. * VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services * VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits VIII. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2010/0599 http://support.apple.com/kb/HT4070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0040 IX. DISCLOSURE TIMELINE ----------------------------------- 2009-12-03 - Vendor notified 2009-12-07 - Vendor response 2010-01-26 - Status update received 2010-03-04 - Status update received 2010-03-12 - Coordinated public Disclosure
Powered by blists - more mailing lists