Message-ID: <00d701d32b5e$5579c440$0100a8c0@pc>
Date: Tue, 12 Sep 2017 03:29:47 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <submissions@...ketstormsecurity.org>,
<fulldisclosure@...lists.org>
Subject: [FD] How Apple fixed my 2008's hole in their browser after 9 years
Hello, participants of the Mailing List.
I'll tell you how Apple fixed my 2008 hole in their browser after 9 years.
They did it in a very lame manner.
There are many vulnerabilities in Safari (mobile and desktop), such as DoS
and XSS vulnerabilities. During 2016-2017 I wrote to Apple that I had found these
holes in Safari for iOS 6.x, 8.x and 10.x. In particular, I wrote about a lot
of DoS by blocking, resource consumption, freezing and crashing.
As I wrote to Apple on 06.06.2017, on 04.06.2017 I checked previous
vulnerabilities in Safari 10.0.2 and 10.3.2 for iOS, which in January 2016
I had checked in Safari 6.0.1 and 8.4.1 for iOS. They still had not fixed those
vulnerabilities. So I found that many of them that affected 8.x still
affect the 10.x version. For example, multiple Denial of Service and Cross-Site
Scripting vulnerabilities (for bypassing XSS filters).
One of these holes is blocking DoS by print dialog. I found it in 2008, as
you can see in my posts, which have links to exploits that I published in
those years. This is my post from 04.06.2017 for Safari 10 for iOS
(http://websecurity.com.ua/8626/) with the exploit that I made and published on
17.10.2008. I found similar holes in different browsers, such as Mozilla
Firefox, Opera and Google Chrome (http://websecurity.com.ua/2537/), and
called it the printing DoS attack.
Here is my 2008 post to the security mailing list: DoS vulnerabilities in
Mozilla, Internet Explorer, Google Chrome and Opera
(https://securityvulns.com/Udocument740.html).
http://websecurity.com.ua/uploads/2008/Firefox%20DoS%20Exploit5.html
This exploit completely blocks the browser.
In October 2008 I wrote my article Classification of DoS vulnerabilities in
browsers, in two languages: in Ukrainian (on 18.10.2008) and in English (on
22.10.2008, http://websecurity.com.ua/2550/). There I told about all the
above-mentioned variants of DoS vulnerabilities in browsers, including
blocking DoS, one of which is blocking by printing dialog (in those years I
made exploits for all variants of dialogs in browsers to conduct DoS
attacks). And in this article I summarized it, even without mentioning
Safari, but I told that all browsers (that support appropriate dialog
windows) are vulnerable. So already 9 years ago I told all browser
developers that their software was vulnerable, but all of them ignored it.
In July I read an advisory (http://www.securityfocus.com/archive/1/540884)
about holes in Safari, where I found that Apple had fixed the DoS by printing
dialog. They called it "CVE-2017-7060". This is the hole that I found in all
browsers (with print functionality) already in 2008 and wrote about in the
above-mentioned advisory and in my article in 2008. And I told Apple about it
many times during 2016-2017. But they lamerly ignored it and lamerly drew
attention only to the message from Travis Kelley, but not to all my posts,
articles and letters for 9 years!
That advisory mentioned desktop Safari, but the mobile version is vulnerable in
the same way (I tested on Safari for iOS). So in July I suggested to Apple to fix
both versions.
Apple answered me that this issue is different. This is not a different
issue. CVE-2017-7060 is the same issue with print dialogs that I found and
created an exploit for nine years ago, since there is only one possible attack on
browsers with a printing dialog: to put up an infinite print dialog window that
blocks the browser. This attack and all other blocking attacks on all browsers I
developed in 2008 (and some in other years). In particular, I published my attack
with the printing dialog on 17.10.2008 and called it "printing DoS
attack". And I mentioned this kind of attack in my 2008 article
Classification of DoS vulnerabilities in browsers.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/