Safari Vulnerabilities Revealed

Tuesday, March 13, 2012 @ 03:03 PM gHale

There are two unpatched vulnerabilities in Apple’s Safari 5 Web browser, said Danish IT security firm Secunia.

These vulnerabilities have not been exploited, but they could allow an attacker to run malicious software and conduct spoofing attacks against people using the browser.


The first vulnerability is in Safari’s plug-in handling system. In some instances, if you navigate to a new page while interacting with a plug-in (such as by accessing its settings or contextual menus), the plug-in may unload in a way that allows it to write to freed memory, which could let code be injected into regions of memory no longer controlled by the plug-in process.

Secunia has been able to exploit this bug in Safari version 5.1.2 (the Windows version) using the RealPlayer and Adobe Flash plug-ins, though the company warns other versions may also suffer from the issue.

The second vulnerability is a problem with a built-in function called “setInterval,” where an attack could display arbitrary content on the screen when a user visits a trusted URL, potentially allowing spoofing and misleading people who visit those pages.

This bug was in version 5.0.5 of the Web browser. It was partially fixed in version 5.1.2, though it apparently is still exploitable to some extent.

While Secunia just released information on these exploits, it has known about them for quite a while, with the plug-in vulnerability around for over 6 months and the setInterval function bug known for over 8 months. Secunia said it contacted Apple regarding its findings, but following little or no response from Apple, the security firm followed the guidelines of its disclosure policy and made the information on these exploits public.
