Apple Safari Multiple Vulnerabilities

ID: IRCAD2012031778
Release Date: 2012-03-13
Criticality level: Highly critical
 
Software:
Apple Safari 5.x
 
Description:
Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
1) An error within the International Domain Name (IDN) support feature can be exploited to spoof a URL containing look-alike characters and trick a user into visiting a malicious website.
2) Multiple errors in the WebKit component can be exploited to conduct cross-site scripting attacks.
3) An error within the WebKit component when handling drag-and-drop actions can be exploited to conduct cross-site scripting attacks.
4) Multiple errors within the WebKit component can be exploited to corrupt memory. Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
5) An error within the cookie policy does not enforce the "Block Cookies" preference properly and can be exploited to set cookies from third-party sites.
6) An error in the WebKit component when handling redirects during HTTP Authentication can be exploited to disclose the credentials to another site.
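
For item 1, a check that a proxy or mail filter could run on hostnames to flag labels that mix scripts or that render like an ASCII name. This is an added example, not code from the advisory or from Apple's fix; `check_hostname`, `LOOKALIKES` and the sample hostnames are hypothetical and constructed here.

```python
import unicodedata

# Constructed, deliberately small subset of Latin look-alikes (UTS #39 has the
# full confusables table); keys are Cyrillic/Greek, values the Latin twin.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o", "\u03bd": "v",
}

def to_unicode(label):
    """Decode one DNS label from its xn-- (punycode) form, if it has one."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: leave the label as it is
    return label

def scripts(label):
    """Scripts of the letters in a label, read from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def check_hostname(hostname):
    """Return (label, reason) findings for labels that may spoof another name."""
    findings = []
    for raw in hostname.rstrip(".").split("."):
        label = to_unicode(raw).lower()
        if label.isascii():
            continue  # plain ASCII label, nothing to confuse
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in label)
        if len(scripts(label)) > 1:
            findings.append((label, "mixed-script"))
        elif skeleton.isascii():
            # single non-Latin script, but every letter has a Latin twin
            findings.append((label, "renders-like:" + skeleton))
    return findings

# Constructed sample hostnames (not from the advisory).
SAMPLES = ["www.example.com", "ex\u0430mple.com", "\u0440\u0430\u0441\u0435.example",
           "m\u00fcnchen.example", "\u043f\u0440\u0438\u043c\u0435\u0440.example"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), check_hostname(host))
```

Legitimate multi-script labels (for example Japanese names combining kana and kanji) would also be reported as mixed-script, so a production check needs an allow-list of accepted script combinations.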
 
Solution:
Update to version 5.1.4.
 
References:
 
Secunia:
 
 

Creation date: 23 Esfand 1390
