Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

OS X 10.4 - Remote hacker automatic control

Version: At least version 10.4.9
Technical Details:

Remote code execution vulnerabilities affecting WebCore and WebKit. The WebCore vulnerabilities are in the handling of malicious XMLHttpRequest function calls, leading to application crashes and arbitrary code execution, while the WebKit vulnerabilities are in the handling of framesets.

Description:

A couple of vulnerabilities have been discovered affecting different components of OS X's support for handling HTML and JavaScript calls. In the worst case, these vulnerabilities can allow a remote attacker to take control of a vulnerable system or crash the application that is accessing those system components.

Mitigation:

Apply Security Update 2007-006 at the earliest opportunity. Users who are also running the Safari 3 Beta will find that a combined Safari Update installs the Security Update 2007-006 patches alongside the Safari Update.

Updates:

http://www.apple.com/support/downloads/

Source:

http://docs.info.apple.com/article.html?artnum=61798

Exploits:

External Tracking Data:

CVE-ID: CVE-2007-2401
CVE-ID: CVE-2007-2399

