
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Safari - Remote hacker automatic control

Version: 3.0
Technical Details:

Numerous vulnerabilities addressed, including:

Safari - Adding a bookmark with a long site title can overflow a stack buffer, which may lead to denial of service or arbitrary code execution.

WebKit - Java applets can be run even when Java is disabled. A second issue has also been addressed, where poor IDN support allows URLs to be obfuscated. Poor support for PCRE elements may also lead to arbitrary code execution.

Description:

Yesterday Apple released version 3.0.3 of the Safari 3 Beta Internet browser, addressing a set of vulnerabilities that can allow a remote attacker to take control of a vulnerable system, deny legitimate use of the application, or obfuscate website addresses.

Mitigation:

Update to version 3.0.3 via the Software Update application (OS X), or via the download link below.

Updates:

http://www.apple.com/safari/download/

Source:

Apple Product Security

Exploits:

External Tracking Data:

CVE-ID: CVE-2007-3743
CVE-ID: CVE-2007-2408
CVE-ID: CVE-2007-3742
CVE-ID: CVE-2007-3944

