‫ Apple Safari Multiple Vulnerabilities

IRCAD2013123058
ID: IRCAD2013123058
Release Date: 2013-12-17
Criticality level: Highly critical
Software:
Apple Safari 6.x
Apple Safari 7.x
Description:
A security issue and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An error related to origin tracking can be exploited to autofill a form in a subframe of domain different than the main domain.
2) A use-after-free error exists within webkit.
3) An unspecified error within webkit can be exploited to corrupt memory.
4) Another unspecified error within webkit can be exploited to corrupt memory.
5) Another unspecified error within webkit can be exploited to corrupt memory.
6) Another unspecified error within webkit can be exploited to corrupt memory.
7) Another unspecified error within webkit can be exploited to corrupt memory.
8) Another unspecified error within webkit can be exploited to corrupt memory.
9) An error within webkit when handling WebCore::DocumentOrderedMap objects can be exploited to free arbitrary memory.
Successful exploitation of vulnerabilities #2 through #9 may allow execution of arbitrary code.
The security issue and vulnerabilities are reported in versions prior to 6.1.1 and 7.0.1.
Solution
Update to version 6.1.1. or 7.0.1.
References:
APPLE-SA-2013-12-16-1:
ZDI:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 3 دی 1392

امتیاز

امتیاز شما
تعداد امتیازها:0