
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Safari - Remote hacker automatic control

Version: 3.0 and prior.
Technical Details:

The Windows Safari 3 Beta is affected by URL address bar spoofing and by cross-domain request flaws that allow JavaScript to modify sites outside of the original domain.

Vulnerabilities in WebCore and WebKit, caused by poor handling of XMLHttpRequest requests and poor frame handling, may lead to arbitrary code execution or application crashes.

Description:

Several vulnerabilities affecting Safari, WebCore, and WebKit have been patched by Apple in a cumulative update for the Safari 3 Beta release for both Windows and OS X. In the worst case, these vulnerabilities could allow a malicious attacker to take control of a vulnerable system by tricking a victim into visiting a malicious site.

It should be noted that the vulnerabilities addressed by Security Update 2007-006 also apply to Windows Safari 3 Beta installations, and the fixes for them will be installed alongside the updates to Safari.

Mitigation:

Apply Safari Beta Update 3.0.2 at the earliest opportunity. Users who have not applied Security Update 2007-006 will also find that it is applied alongside the Safari beta update.

Updates:

http://www.apple.com/safari/download/

Source:

http://www.apple.com/safari/download/

Exploits:

External Tracking Data:

CVE-ID: CVE-2007-2398
CVE-ID: CVE-2007-2400
