en

‫ Apple Safari WebKit Multiple Vulnerabilities

ID: IRCAD2015033824
Release Date: 2015-03-18
Criticality level: Highly critical
Software:
Apple Safari 6.x
Apple Safari 7.x
Apple Safari 8.x
Description:
Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.
1) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.
2) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
3) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
4) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
5) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
6) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
7) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
8) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
9) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
10) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
11) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
12) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
13) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
14) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
15) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
16) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.
Successful exploitation of the vulnerabilities #1 through #‫16 may allow execution of arbitrary code.
17) An unspecified error can be exploited to misrepresent the URL and subsequently e.g. conduct spoofing attacks.
The vulnerabilities are reported in versions prior to 6.2.4, prior to 7.1.4, and prior to 8.0.4.
Solution
Update to version 6.2.4, 7.1.4, or 8.0.4.
References:
APPLE-SA-2015-03-17-1:
Secunia:

The Wall

No comments
You need to sign in to comment