Apple OS X Safari 2.0.3 Multiple Vulnerabilities
Release Date:
April 19th, 2006
Severity:
High
Vendor:
Apple
Versions Affected:
Apple OS X 10.4.6 and prior
Safari 2.0.3 (417.9.2) and all prior versions
Overview:
Multiple vulnerabilities exist within Safari 2.0.3 (417.9.2) and all prior versions which causes the application to crash, and or may allow for an attacker to execute arbitrary code. Below are the crash address, and links to basic PoC to reproduce the crashes.
Technical Details:
0x95940f9c in KWQListIteratorImpl::KWQListIteratorImpl ()
sp-x26-1.html
0x95aa1b64 in QPainter::drawText ()
sp-x26-2.html
0xfffeff20 in objc_msgSend_rtp ()
sp-x26-4.html
Vendor Status:
Apple was notified of these issues on 01/06/2006.
Solution:
Currently no patches have been released for these vulnerabilities.
As Ilja has once said, "it is trivial to get Safari to crash". He is right...
Discovered by:
Tom Ferris
tommy[at]security-protocols[dot]com
Related Links:
http://security-protocols.com/poc/sp-x26-1.html
http://security-protocols.com/poc/sp-x26-2.html
http://security-protocols.com/poc/sp-x26-4.html
http://apple.com/macosx/