Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2009-1701: About the security content of Safari 4.0

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

CVE
#xss#vulnerability#web#ios#mac#windows#apple#google#microsoft#dos#git#java#perl#pdf#zero_day#webkit

This document describes the security content of Safari 4.0.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see “How to use the Apple Product Security PGP Key.”

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see “Apple Security Updates.”

This article has been archived and is no longer updated by Apple.

Safari 4.0

  • CFNetwork

    CVE-ID: CVE-2009-1704

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Downloaded image files may be misidentified as HTML, leading to JavaScript execution without warning the user

    Description: Image files are ‘safe’ types that, once downloaded, are displayed by Safari without warning the user. An issue in Safari may cause it to be unable to identify the file type of certain local image files. In this case, Safari will examine the content of those files and may treat them as HTML. If a file contains JavaScript, it will be executed in the local context. For a downloaded file, this should not occur without first prompting the user. This issue is addressed by treating files of unknown type as generic binary data, and by correctly identifying the image file types known to have this issue. Credit to Sergio ‘shadown’ Alvarez of Recurity Labs GmbH for reporting this issue.

  • CFNetwork

    CVE-ID: CVE-2009-1716

    Available for: Windows XP or Vista

    Impact: A local user may be able to read the contents of files being downloaded by other users

    Description: CFNetwork creates temporary files insecurely when downloading. A local user may be able to access another user’s files as they are downloaded, leading to the disclosure of sensitive information. This update addresses the issue by downloading files to the user’s secure temporary directory location. For Mac OS X systems, this issue is addressed in Mac OS X v10.5.6. Credit to Billy Rios and Microsoft Vulnerability Research for reporting this issue.

  • CoreGraphics

    CVE-ID: CVE-2008-2321

    Available for: Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X systems, this issue is addressed in Security Update 2008-005. Credit to Michal Zalewski of Google Inc. for reporting this issue.

  • CoreGraphics

    CVE-ID: CVE-2009-1705

    Available for: Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of TrueType fonts. An arithmetic issue in the automatic hinting of fonts may cause memory corruption. Visiting a maliciously crafted website with embedded fonts may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved input validation of TrueType font data. This issue does not affect Mac OS X systems. Credit to Clint Ruoho of Laconic Security and Tavis Ormandy of Google Security Team for reporting this issue.

  • CoreGraphics

    CVE-ID: CVE-2009-0946

    Available for: Windows XP or Vista

    Impact: Multiple vulnerabilities in FreeType v2.3.8

    Description: Multiple integer overflows exist in FreeType v2.3.8, that may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. These issues do not affect CoreGraphics on Mac OS X systems. Credit to Tavis Ormandy of the Google Security Team for reporting these issues.

  • CoreGraphics

    CVE-ID: CVE-2009-0145

    Available for: Windows XP or Vista

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues exist in CoreGraphics’ handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds and error checking. For Mac OS X v10.5 systems, this issue is addressed in Mac OS X v10.5.7. For Mac OS X v10.4.11 systems, this issue is addressed in Security Update 2009-002.

  • CoreGraphics

    CVE-ID: CVE-2009-1179

    Available for: Windows XP or Vista

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow exists in CoreGraphics’ handling of PDF files containing JBIG2 streams. Opening a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Dormann of CERT/CC for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2009-0040

    Available for: Windows XP or Vista

    Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized pointer issue exists in the handling of PNG images. Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PNG images. Credit to Tavis Ormandy of the Google Security Team for reporting this issue.

  • International Components for Unicode

    CVE-ID: CVE-2009-0153

    Available for: Windows XP or Vista

    Impact: Maliciously crafted content may bypass website filters and result in cross-site scripting

    Description: An implementation issue exists in ICU’s handling of certain character encodings. Using ICU to convert invalid byte sequences to Unicode may result in over-consumption, where trailing bytes are considered part of the original character. This may be leveraged by an attacker to bypass filters on websites that attempt to mitigate cross-site scripting. This update addresses the issue through improved handling of invalid byte sequences. For Mac OS X v10.5 systems, this issue is addressed in Mac OS X v10.5.7. Credit to Chris Weber of Casaba Security for reporting this issue.

  • libxml

    CVE-ID: CVE-2008-3281, CVE-2008-3529, CVE-2008-4409, CVE-2008-4225, CVE-2008-4226

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Multiple vulnerabilities in libxml2 version 2.6.16

    Description: Multiple vulnerabilities exist in libxml2 version 2.6.16, the most serious of which may lead to an unexpected application termination or arbitrary code execution. On Windows, the issues are addressed by updating libxml2 to version 2.7.3. On Mac OS X v10.4.11 and Mac OS X v10.5.7, the issues are addressed by applying the relevant patches.

  • Safari

    CVE-ID: CVE-2009-1682

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a website with a revoked EV certificate may not display a certificate warning

    Description: An issue in Safari’s handling of Extended Validation (EV) certificates may cause the revocation checking to be bypassed. This would allow a page to be loaded without issuing a warning for a revoked EV certificate. This update addresses the issue through improved revocation checking for EV certificates. Credit to Bruce Morton for reporting this issue.

  • Safari

    CVE-ID: CVE-2009-1706

    Available for: Windows XP or Vista

    Impact: Cookies set during a private browsing session may remain after private browsing ends

    Description: Safari’s Private Browsing feature is designed to allow users to browse without leaving evidence of the browser session on disk. An implementation issue in Private Browsing may cause cookies to remain on disk after Private Browsing ends. This may result in an unexpected disclosure of sensitive information. This update addresses the issue by removing cookies from the alternate cookie store when private browsing is disabled, or Safari quits. This issue does not affect Mac OS X systems. Credit to Michael Hay of Beatnik Monkey Software for reporting this issue.

  • Safari

    CVE-ID: CVE-2009-1707

    Available for: Windows XP or Vista

    Impact: “Reset Safari” may not immediately remove website passwords from memory

    Description: After clicking the “Reset” button for “Reset saved names and passwords” in the “Reset Safari…” menu option, Safari may take up to 30 seconds to clear the passwords. A user with access to the system in that time window may be able to access the stored credentials. This issue is addressed by resolving the race condition that leads to the delay. This issue does not affect Mac OS X systems. Credit to Philippe Couturier of izypage.com, and Andrew Wellington of The Australian National University for reporting this issue.

  • Safari

    CVE-ID: CVE-2009-1708

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to the disclosure of local file content or arbitrary code execution

    Description: An issue in Safari’s open-help-anchor URL handler may allow a maliciously crafted website to open local help files. This may lead to the disclosure of sensitive information or arbitrary code execution. This update addresses the issue by preventing remote sites from calling the open-help-anchor URL handler. Credit to Billy Rios and Microsoft Vulnerability Research for reporting this issue.

  • Safari Windows Installer

    Available for: Windows XP or Vista

    Impact: Safari may run with elevated privileges

    Description: The Safari installer includes a checkbox to launch Safari immediately after installation. If this checkbox is checked, the compression method in the installer will cause Safari to run with elevated privileges for its initial launch. The issue is addressed by using a different compression method in the installer. This issue does not affect Mac OS X systems. Credit to Dave English of Lutnos for reporting this issue.

  • WebKit

    CVE-ID: CVE-2006-2783

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: WebKit ignores Unicode byte order mark sequences when parsing web pages. Certain websites and web content filters attempt to sanitize input by blocking specific HTML tags. This approach to filtering may be bypassed and lead to cross-site scripting when encountering maliciously-crafted HTML tags containing byte order mark sequences. This update addresses the issue through improved handling of byte order mark sequences. Credit to Chris Weber of Casaba Security, LLC for reporting this issue.

  • WebKit

    CVE-ID: CVE-2008-1588

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Unicode ideographic spaces may be used to spoof a website

    Description: When Safari displays the current URL in the address bar, Unicode ideographic spaces are rendered. This allows a maliciously crafted website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by not rendering Unicode ideographic spaces in the address bar.

  • WebKit

    CVE-ID: CVE-2008-7260

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit’s handling of invalid color strings in CSS. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of color strings. Credit to Thomas Raffetseder of the International Secure Systems Lab for reporting this issue.

  • WebKit

    CVE-ID: CVE-2008-3632

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit’s handling of ‘@import’ statements within Cascading Style Sheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of style sheets. Credit to Dean McNamee of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2008-4231

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in WebKit’s handling of HTML tables. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper initialization of the internal representation of HTML tables. Credit to Haifei Li of Fortinet’s FortiGuard Global Security Research Team for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1681

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Interacting with a maliciously crafted website may result in unexpected actions on other sites

    Description: A design issue exists in the same-origin policy mechanism used to limit interactions between websites. This policy allows websites to load pages from third-party websites into a subframe. This frame may be positioned to entice the user to click a particular element within the frame, an attack referred to as "clickjacking". A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase. This update addresses the issue through adoption of the industry-standard ‘X-Frame-Options’ extension header, that allows individual web pages to opt out of being displayed within a subframe.

  • WebKit

    CVE-ID: CVE-2009-1684

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in cross-site scripting

    Description: A cross-site scripting issue exists in the separation of JavaScript contexts. A maliciously crafted web page may use an event handler to execute a script in the security context of the next web page that is loaded in its window or frame. This update addresses the issue by ensuring that event handlers are not able to directly affect an in-progress page transition. Credit to Michal Zalewski of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1685

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in cross-site scripting

    Description: A cross-site scripting issue exists in the separation of JavaScript contexts. By enticing a user to visit a maliciously crafted web page, the attacker may overwrite the ‘document.implementation’ of an embedded or parent document served from a different security zone. This update addresses the issue by ensuring that changes to ‘document.implementation’ do not affect other documents. Credit to Dean McNamee of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1686

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A type conversion issue exists in WebKit’s JavaScript exception handling. When an attempt is made to assign the exception to a variable that is declared as a constant, an object is cast to an invalid type, causing memory corruption. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that assignment in a const declaration writes to the variable object. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1687

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit’s JavaScript garbage collector. If an allocation fails, a memory write to an offset of a NULL pointer may result, leading to an unexpected application termination or arbitrary code execution. This update addresses the issue by checking for allocation failure. Credit to SkyLined of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1688

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in cross-site scripting

    Description: WebKit does not use the HTML 5 standard method to determine the security context associated with a given script. An implementation issue in WebKit’s method may result in a cross-site scripting attack under certain conditions. This update addresses the issue by using the standards-compliant method to determine the security context associated with a script. Credit to Adam Barth of UC Berkeley, and Collin Jackson of Stanford University for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1689

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in a cross-site scripting attack

    Description: A cross-site scripting issue exists in WebKit. A maliciously crafted website containing a form submitted to ‘about:blank’ may synchronously replace the document’s security context, allowing currently-executing scripts to run in the new security context. This update addresses the issue through improved handling of cross-site interaction with form submission. Credit to Adam Barth of UC Berkeley, and Collin Jackson of Stanford University for reporting this issue.

  • Webkit

    CVE-ID: CVE-2009-1690

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit’s handling of recursion in certain DOM event handlers. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved memory management. Credit to SkyLined of Google Inc, and wushi & ling of team509 working with Verisign iDefense VCP for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1691

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to cross-site scripting

    Description: A cross-site scripting issue in Safari allows a maliciously crafted website to alter standard JavaScript prototypes of websites served from a different domain. By enticing a user to visit a maliciously crafted web page, an attacker may be able to alter the execution of JavaScript served from other websites. This update addresses the issue through improved access controls on these prototypes.

  • WebKit

    CVE-ID: CVE-2009-1693

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may disclose images from other sites

    Description: A cross-site image capture issue exists in WebKit. By using a canvas with an SVG image, a maliciously crafted website may load and capture an image from another website. This update addresses the issue by restricting the reading of canvases that have images loaded from other websites. Credit to Chris Evans of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1694

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may disclose images from other sites

    Description: A cross-site image capture issue exists in WebKit. By using a canvas and a redirect, a maliciously crafted website may load and capture an image from another website. This update addresses the issue through improved handling of redirects. Credit to Chris Evans of for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1695

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in a cross-site scripting attack

    Description: An issue in WebKit allows the contents of a frame to be accessed by an HTML document after a page transition has taken place. This may allow a maliciously crafted website to perform a cross-site scripting attack. This update addresses the issue through an improved domain check. Credit to Feng Qian of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1696

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Websites may surreptitiously track users

    Description: Safari generates random numbers for JavaScript applications using a predictable algorithm. This could allow a website to track a particular Safari session without using cookies, hidden form elements, IP addresses, or other techniques. This update addresses the issue by using a better random number generator. Credit to Amit Klein of Trusteer for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1697

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in a cross-site scripting attack

    Description: A CRLF injection issue exists in the handling of XMLHttpRequest headers in WebKit. This may allow a maliciously crafted website to bypass the same-origin policy by issuing an XMLHttpRequest that does not contain a Host header. XMLHttpRequests without a Host header may reach other websites on the same server, and allow attacker-supplied JavaScript to interact with those sites. This update addresses the issue through improved handling of XMLHttpRequest headers. Credit to Per von Zweigbergk for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1698

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized pointer issue exists in the handling of the CSS ‘attr’ function. Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of CSS elements. Credit to Thierry Zoller working with TippingPoint’s Zero Day Initiative, and Robert Swiecki of the Google Security Team for reporting this as a security issue.

  • WebKit

    CVE-ID: CVE-2009-1699

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in an information disclosure

    Description: An XML External Entity issue exists in WebKit’s handling of XML. A maliciously crafted website may be able to read files from the user’s system. This update addresses the issue by not loading external entities across origins. Credit to Chris Evans of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1700

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in the disclosure of sensitive information

    Description: WebKit does not properly handle redirects when processing Extensible Stylesheet Language Transformations (XSLT). This allows a maliciously crafted website to retrieve XML content from pages on other websites, which could result in the disclosure of sensitive information. This update addresses the issue by ensuring that documents referenced in transformations are downloaded from the same domain as the transformation itself. Credit to Chris Evans of Google for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1701

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit’s handling of the JavaScript DOM. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of document elements. Credit to wushi & ling of team509 working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1702

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: An issue in WebKit’s handling of Location and History objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of Location and History objects. Credit to Adam Barth and Joel Weinberger of UC Berkeley for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1703

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to information disclosure

    Description: WebKit’s handling of audio and video HTML elements allows a remote website to reference local “file:” URLs. A maliciously crafted website could perform file existence checking, which may lead to information disclosure. This update addresses the issue through improved handling of audio and video elements. Credit to Dino Dai Zovi for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1709

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit’s handling of SVG animation elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of caches. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1710

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: A maliciously crafted website may spoof browser UI elements

    Description: By specifying a large and mostly transparent custom cursor, and adjusting the CSS3 hotspot property, a maliciously crafted website may spoof browser UI elements, such as the host name and security indicators. This update addresses the issue through additional restriction on custom cursors. Credit to Dean McNamee of Google for reporting this issue

  • WebKit

    CVE-ID: CVE-2009-1711

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in WebKit’s handling of Attr DOM objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of DOM objects. Credit to Feng Qian of Google Inc. for reporting this issue.

  • Webkit

    CVE-ID: CVE-2009-1712

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may lead to information disclosure or arbitrary code execution

    Description: WebKit allows remote websites to load Java applets from the local system. Local applets may not expect to be loaded remotely and may allow the remote site to execute arbitrary code or otherwise grant unexpected privileges to the remote site. This update addresses the issue by preventing remote websites from loading local applets.

  • WebKit

    CVE-ID: CVE-2009-1713

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Visiting a maliciously crafted website may result in an information disclosure

    Description: An information disclosure issue exists in WebKit’s implementation of the document() function used in XSLT documents. A maliciously crafted website may be able to read files from other security zones, including the user’s system. This update addresses the issue by preventing the loading of resources across origins. Credit to Chris Evans of Google for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1714

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Using Web Inspector on a maliciously crafted website may result in cross-site scripting

    Description: An issue in Web Inspector allows a page being inspected to run injected script with elevated privileges, including the ability to read the user’s file system. This update addresses the issue by proper escaping of HTML attributes. Credit to Pengsu Cheng of Wuhan University for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1715

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Using Web Inspector on a maliciously crafted website may result in cross-site scripting

    Description: An issue in Web Inspector allows a page being inspected to run injected script with elevated privileges, including the ability to read the user’s file system. This update addresses the issue by executing scripts with the privileges of the web page being inspected. Credit to Collin Jackson of Stanford University, and Adam Barth of UC Berkeley for reporting this issue.

  • WebKit

    CVE-ID: CVE-2009-1718

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

    Impact: Dragging content over a maliciously crafted web page may lead to information disclosure

    Description: An issue exists in WebKit’s handling of drag events. This may lead to the disclosure of sensitive information when content is dragged over a maliciously crafted web page. This update addresses the issue through improved handling of drag events. Credit to Eric Seidel of Google, Inc. for reporting this issue.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

Published Date: January 28, 2016

Related news

CVE-2022-38784: Poppler

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

CVE-2009-1702: OVH mail

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

CVE-2009-1700: About Secunia Research | Flexera

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907