فا

‫ Apple Safari Security Issue and Multiple Vulnerabilities

 

ID: IRCAD2014093520

Release Date: 2014-09-18

Criticality level: Highly critical

Software:

Apple Safari 6.x

Apple Safari 7.x
Description:

A security issue and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.

1) The application does not properly restrict password autofill functionality for untrusted websites, which can be exploited to disclose saved passwords via e.g. Man-in-the-Middle (MitM) attacks.

2) A use-after-free error exists when handling SVG images.

3) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.

4) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

5) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

6) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

7) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

8) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

Note: Additionally a weakness related to HTML 5 cache data access when using private browsing exists.

The security issue and vulnerabilities are reported in versions prior to 6.2 and 7.1.

Solution

Update to version 6.2 or 7.1.

References:

APPLE-SA-2014-09-17-4:

Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 7 مهر 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0