Apple Safari Multiple Vulnerabilities

ERCOLINO

Secunia Advisory SA53711
Release Date 2013-06-05



Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Where: From remote



Solution Status: Vendor Patch


Description

Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system.

1) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.

For more information:
SA52320 (#1)
SA52761 (#8)
SA53471 (#1)

2) An unspecified error in WebKit can be exploited to execute arbitrary code. No further information is currently available.

3) An unspecified error in WebKit can be exploited to execute arbitrary code. No further information is currently available.

4) An error related to iframe handling can be exploited to conduct cross-site scripting attacks.

5) An unspecified error related to the XSS Auditor can be exploited to bypass certain security restrictions and e.g. alter the behavior of forms.

The vulnerabilities are reported in versions prior to 6.0.5.

Solution
Update to version 6.0.5.


Security Bulletin

Vulnerability: Highly critical

Safari: 6.x and 7.x

Description:

Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.


The vulnerabilities are reported in versions prior to 6.1.4 and prior to 7.0.4.

Solution:
Update to version 6.1.4 or 7.0.4.


http://secunia.com/advisories/58890/
 
Apple Safari Multiple Vulnerabilities



Where: From remote

Impact: Spoofing, System access

Solution Status: Vendor Patch

Description

Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.

1) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.

2) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

3) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

4) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

5) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

6) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

7) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

8) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

9) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

10) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

Successful exploitation of the vulnerabilities #1 through #10 may allow execution of arbitrary code.

11) An error when handling URLs can be exploited to spoof the domain name of a web site in the address bar.

The vulnerabilities are reported in versions prior to 6.1.5 and prior to 7.0.5.

Solution:
Update to version 6.1.5 or 7.0.5.
 
Apple Safari Multiple Vulnerabilities

Description

Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to compromise a user's system.



1) Some unspecified errors in WebKit can be exploited to corrupt memory.

2) A use-after-free error when handling Set objects can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities #1 and #2 may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 6.2.3, prior to 7.1.3, and prior to 8.0.3.

Solution:
Update to version 6.2.3, 7.1.3, or 8.0.3.
 
Apple Safari WebKit Multiple Vulnerabilities

Where: From remote

Impact: Spoofing, System access

Solution Status: Vendor Patch


Description

Multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.

1) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.

2) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

3) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

4) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

5) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

6) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

7) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

8) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

9) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

10) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

11) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

12) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

13) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

14) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

15) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

16) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

Successful exploitation of the vulnerabilities #1 through #16 may allow execution of arbitrary code.

17) An unspecified error can be exploited to misrepresent the URL and subsequently e.g. conduct spoofing attacks.

The vulnerabilities are reported in versions prior to 6.2.4, prior to 7.1.4, and prior to 8.0.4.

Solution:
Update to version 6.2.4, 7.1.4, or 8.0.4.
 