About the security content of Safari 5.0.2 and Safari 4.1.2

2010-09-14T00:00:00
ID SECURITYVULNS:DOC:24728
Type securityvulns
Reporter Securityvulns
Modified 2010-09-14T00:00:00

Description


* Last Modified: September 07, 2010
* Article: HT4333

Summary

This document describes the security content of Safari 5.0.2 and Safari 4.1.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Products Affected

Product Security, Safari 4 (Mac OS X 10.5), Safari 4 (Mac OS X 10.4), Safari 5 (Windows), Safari 5 (Mac OS X 10.6), Safari 5 (Mac OS X 10.5)

Safari 5.0.2 and Safari 4.1.2

* Safari

  CVE-ID: CVE-2010-1805

  Available for: Windows 7, Vista, XP SP2 or later

  Impact: Opening a file in a directory that is writable by other users may lead to arbitrary code execution

  Description: A search path issue exists in Safari. When displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path. Attempting to reveal the location of a downloaded file may execute an application contained in that directory, which may lead to arbitrary code execution. This issue is addressed by using an explicit search path when launching Windows Explorer. This issue does not affect Mac OS X systems. Credit to Simon Raner of ACROS Security for reporting this issue.

* WebKit

  CVE-ID: CVE-2010-1807

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An input validation issue exists in WebKit's handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of floating point values. Credit to Luke Wagner of Mozilla for reporting this issue.

* WebKit

  CVE-ID: CVE-2010-1806

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit's handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of object pointers. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.
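The search path issue in the CVE-2010-1805 entry can be modelled to show why a bare executable name is resolved differently from a full path. This is an added example, not code from Apple or from the advisory. It assumes the launch follows the search order Microsoft documents for CreateProcess with a bare file name; the paths, file set and function names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample data: the paths and the shared directory are illustrative.
WINDIR = r"C:\Windows"
APP_DIR = r"C:\Program Files\Safari"
SHARED_DIR = r"D:\Shared\Incoming"      # writable by other users
FILES = {
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\Safari\Safari.exe",
    r"D:\Shared\Incoming\explorer.exe",  # same name, placed by another user
}

def _norm(path):
    return ntpath.normcase(ntpath.normpath(path))

def search_order(app_dir, cwd, windir, path_env=""):
    # Assumption: the order Microsoft documents for CreateProcess when the
    # command line carries a bare file name.
    return [app_dir, cwd, ntpath.join(windir, "System32"),
            ntpath.join(windir, "System"), windir,
            *[p for p in path_env.split(";") if p]]

def resolve(command, files, app_dir, cwd, windir, path_env=""):
    """Return the file that launching `command` would run, or None."""
    present = {_norm(f) for f in files}
    if ntpath.isabs(command):            # explicit path: nothing is searched
        return command if _norm(command) in present else None
    for directory in search_order(app_dir, cwd, windir, path_env):
        candidate = ntpath.join(directory, command)
        if _norm(candidate) in present:
            return candidate
    return None

def is_trusted(resolved, windir, app_dir):
    """True only if the binary sits under the Windows or application directory."""
    if resolved is None:
        return False
    r = _norm(resolved)
    return any(r.startswith(_norm(root) + "\\") for root in (windir, app_dir))

def audit(command, cwd):
    hit = resolve(command, FILES, APP_DIR, cwd, WINDIR)
    return hit, is_trusted(hit, WINDIR, APP_DIR)

if __name__ == "__main__":
    for cmd in ("explorer.exe", ntpath.join(WINDIR, "explorer.exe")):
        print(cmd, "->", audit(cmd, SHARED_DIR))
```

With an ordinary working directory the bare name still resolves to the Windows copy, so the flaw stays latent until the process is started from a directory other users can write to.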

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.