| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jun 2010 14:25:06 +0200 From: "VUPEN Security Research" <advisories@...en.com> To: <bugtraq@...urityfocus.com> Subject: VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392) VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392) http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser, with 4.45% of the worldwide usage share of web browsers according to Net Application." II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a vulnerability in Apple Safari for Windows, Mac OS X and iPhone. The flaw is caused due to a use-after-free error in WebKit when rendering HTML buttons, which could be exploited by attackers to execute arbitrary code via a specially crafted web page. III. AFFECTED PRODUCTS --------------------------- Apple Safari version 4.0.5 and prior (Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 and later, Windows 7, Vista, XP SP2 and later, iPhone) IV. Binary Analysis & Proof-of-concept --------------------------------------- In-depth binary analysis of the vulnerability and a code execution exploit have been published by VUPEN through the VUPEN Binary Analysis & Exploits portal : http://www.vupen.com/exploits/ V. SOLUTION ---------------- Upgrade to Apple Safari version 5.0 or 4.1 : http://www.apple.com/safari/download/ VI. CREDIT -------------- The vulnerability was discovered by Matthieu Bonetti of VUPEN Security VII. ABOUT VUPEN Security --------------------------- VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. Governmental and federal agencies, and global enterprises in the financial services, insurance, manufacturing and technology industries rely on VUPEN to improve their security, prioritize resources, cut time and costs, and stay ahead of the latest threats. * VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services/ * VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/exploits/ * VUPEN Web Application Security Scanner (WASS): http://www.vupen.com/english/wass/ VIII. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2010/1373 http://support.apple.com/kb/HT4196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 IX. DISCLOSURE TIMELINE ----------------------------- 2010-03-30 - Vendor notified 2010-03-30 - Vendor response 2010-05-07 - Status update received 2010-06-02 - Status update received 2010-06-08 - Coordinated public Disclosure
Powered by blists - more mailing lists