Users of Safari 5.0.3 and Safari 4.1.3, please be advised that an arbitrary code execution vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
APPLE-SA-2010-11-18-1: [APPLE-SA-2010-11-18-1] Safari 5.0.3 and Safari 4.1.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in WebKit's handling of
strings. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to J23 for reporting this issue.
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
scrollbars. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to thabermann for reporting this issue.