Apple plugs drive-by download flaws in Safari browser

Summary: The browse-and-you're-hacked vulnerabilities affect both Windows and Mac users. One of the three vulnerabilities is the DLL load hijacking issue that haunts hundreds of Windows applications.

Apple has shipped Safari 5.0.2 and Safari 4.1.2 with patches for three gaping holes that expose Web surfers to drive-by download attacks.

The browse-and-you're-hacked vulnerabilities affect both Windows and Mac users, Apple warned in an advisory.  One of the three vulnerabilities is the DLL load hijacking issue that haunts hundreds of Windows applications.

Two of the three vulnerabilities affect WebKit, the open-source rendering engine that powers Apple's Safari and iTunes software products.

Here are the details:

  • CVE-2010-1805 (Windows 7, Vista, XP SP2 or later) -- A search path issue exists in Safari. When displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path. Attempting to reveal the location of a downloaded file may execute an application contained in that directory, which may lead to arbitrary code execution.  This is the DLL load hijacking attack vector.
  • CVE-2010-1807 (Mac and Windows) -- An input validation issue exists in WebKit's handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2010-1806 (Mac and Windows) -- A use after free issue exists in WebKit's handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
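The search path issue in CVE-2010-1805 can be modeled without a Windows host. The following is an added example, not code from Apple or from the advisory: it reproduces the documented CreateProcess lookup order for a bare executable name over a constructed temporary directory tree and compares it with a launch that supplies the full path. The function names (`build_layout`, `resolve`, `demo`) and directory labels are illustrative assumptions.

```python
import os
import tempfile

# Documented CreateProcess lookup order for a bare executable name
# (16-bit system directory and PATH omitted for brevity).
SEARCH_ORDER = ["app_dir", "current_dir", "system32", "windows_dir"]


def build_layout(root, planted):
    """Constructed directory tree standing in for a Windows host."""
    dirs = {name: os.path.join(root, name) for name in SEARCH_ORDER}
    for path in dirs.values():
        os.makedirs(path)
    # The genuine binary lives in the Windows directory.
    open(os.path.join(dirs["windows_dir"], "explorer.exe"), "w").close()
    if planted:
        # Same-named file sitting next to the document the user opened.
        open(os.path.join(dirs["current_dir"], "explorer.exe"), "w").close()
    return dirs


def resolve(command, dirs):
    """Return the file a launch request would run, or None."""
    if os.path.dirname(command):            # explicit path: no directory search
        return command if os.path.isfile(command) else None
    for name in SEARCH_ORDER:               # bare name: first match wins
        candidate = os.path.join(dirs[name], command)
        if os.path.isfile(candidate):
            return candidate
    return None


def demo(planted):
    """Return (dir chosen for bare name, dir chosen for full path)."""
    with tempfile.TemporaryDirectory() as root:
        dirs = build_layout(root, planted)
        full = os.path.join(dirs["windows_dir"], "explorer.exe")
        bare_hit = resolve("explorer.exe", dirs)
        full_hit = resolve(full, dirs)
        return (os.path.basename(os.path.dirname(bare_hit)),
                os.path.basename(os.path.dirname(full_hit)))


if __name__ == "__main__":
    print(demo(planted=False))
    print(demo(planted=True))
```

The bare name resolves to the current directory as soon as a same-named file exists there, while the fully qualified launch is unaffected, which is why specifying the full path to the executable closes the issue.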

Safari 5.0.2 is available for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.2 is only provided for Mac OS X v10.4 systems.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...