
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Apple plugs 48 Safari, WebKit security holes

By | June 8, 2010, 7:00am PDT

Summary: [eBay blocking transactions from Safari 3.0] Apple has shipped new versions of its Safari browser with patches for at least 48 security vulnerabilities.

Apple has shipped new versions of its Safari browser with patches for at least 48 security vulnerabilities.

The Safari 4.1 and 5.0 updates, considered “highly critical,” are available for both Windows and Mac OS X. Exploitation of some of these vulnerabilities could lead to drive-by download (remote code execution) attacks.
The majority of the documented vulnerabilities affected WebKit, the open-source Web browser engine that powers Safari.

Here’s the skinny on some of the more critical issues:

  • ColorSync (CVE-2009-1726) — A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.
  • Safari (CVE-2010-1384) — Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. These URLs are often used to confuse users, which can potentially aid phishing attacks.
  • Safari (CVE-2010-1385) — A use after free issue exists in Safari’s handling of PDF files. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • Safari (CVE-2010-1750) — A use after free issue exists in Safari’s management of windows. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • WebKit (CVE-2010-1392) — A use after free issue exists in WebKit’s rendering of HTML buttons. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • WebKit (CVE-2010-1119) — A use after free issue exists in WebKit’s handling of attribute manipulation. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • WebKit (CVE-2010-1422) — An implementation issue exists in WebKit’s handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase.

Safari 5.0 and Safari 4.1 address the same set of security issues.
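
The CVE-2010-1384 item above concerns URLs that embed a user name and password ahead of the host. As an added illustration (not code from Apple or from this article), the JavaScript below uses the standard WHATWG URL parser to flag links that carry user information and to report the host a browser would actually contact. The function names and sample URLs are constructed for this example.

```javascript
// Added example: flag links whose URL carries a userinfo part (user[:password]@host).
// Function names are hypothetical; sample URLs use reserved example names/addresses.

// Userinfo that itself reads like a hostname is the confusing case: the reader
// sees a familiar name, but the connection goes to whatever follows the '@'.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, built into browsers and Node.js
  } catch {
    return { raw, valid: false, hasUserInfo: false, suspicious: false };
  }
  const hasUserInfo = url.username !== "" || url.password !== "";
  // Decode first so an encoded "/" (%2F) cannot hide a host-like prefix.
  const decoy = safeDecode(url.username).split(/[\/:?#]/)[0];
  const suspicious = hasUserInfo && HOSTLIKE.test(decoy);

  // What a UI could show instead: the same URL with the userinfo removed.
  const shown = new URL(url.href);
  shown.username = "";
  shown.password = "";

  return {
    raw, valid: true, hasUserInfo, suspicious,
    realHost: url.hostname,
    decoy: suspicious ? decoy : null,
    display: shown.href,
  };
}

// Return only the links a mail filter or link checker would want to surface.
function flagLinks(links) {
  return links.map(inspectUrl).filter((r) => r.hasUserInfo);
}

// Constructed sample input.
const SAMPLE_LINKS = [
  "http://www.example-bank.com@198.51.100.7/login",
  "http://www.example-bank.com%2Faccounts@phish.example/",
  "https://alice:s3cret@intranet.example/",
  "https://www.example.com/help?contact=user@example.org",
  "not a url",
];

for (const r of flagLinks(SAMPLE_LINKS)) {
  console.log(r.suspicious ? "SUSPICIOUS" : "userinfo", r.realHost, "<-", r.raw);
}
```

An "@" that appears only in the query string, as in the fourth sample, is not user information and is not flagged.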


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

42 Comments

Wow that should make no one feel safe
Johnny Vegas 8th Jun 2010
sad
0 Votes
+ -
RE: Apple plugs 48 Safari, WebKit security holes
hamobu-22333136139518773481685514128812 8th Jun 2010
@Johnny Vegas

Wow that should make no one feel safe

Yeah but switching to Chrome or Firefox should make you feel a lot safer.
@hamobu
Chrome and Safari share the webkit codebase. So for the most part these were chrome fixes as well.

I use Chrome, Safari and Firefox, depending on what I'm doing. (and where)

FireFox is definitely the one to use for every day browsing. I use Chrome/Safari for app interfaces.
0 Votes
+ -
RE: Apple plugs 48 Safari, WebKit security holes
hamobu-22333136139518773481685514128812 11th Jun 2010
@Tsingi

Chrome and Safari share the webkit codebase. So for the most part these were chrome fixes as well.

Yes, but I think that Chrome runs in a protected sandbox environment. That's why Safari was first to fail in the Pwn2Own competition and Chrome did not fail.
0 Votes
+ -
@Johnny Vegas What? The fact that it was possible, or the fact that they fixed it?
Ryan, where did you get the "upgrades?" The Apple/Safari download page shows that most recent to be 4.05 and my auto update has not indicated or downloaded anything.
0 Votes
+ -
Ebay blocking transactions?
OhTheHumanity 8th Jun 2010
Does this mean there are some active exploits out there targeting Safari 3.0?
Yay, no more drive bys, unlike the last 2 PWN2OWN where OS X fell within seconds!

Um, you guys think there are no more security holes in Safari now that these FORTY EIGHT have been fixed, right? How many more could there possibly be?
0 Votes
+ -
RE: Apple plugs 48 Safari, WebKit security holes
skunkyjosh Updated - 8th Jun 2010
@NonZealot

Because Safari is the only browser with holes in it? Right? Don't kid yourself here, Adobe, Apple and Google all need to fix their browsers to the new hackers trend whenever they figure them out.

Hackers are looking for holes and programmers are fixing the holes. That's how it works in the software industry, you fix the flaws, the bugs, the back doors and you release a new version of the software.
@skunkyjosh: Because Safari is the only browser with holes in it?
0 Votes
+ -
RE: Apple plugs 48 Safari, WebKit security holes
hamobu-22333136139518773481685514128812 8th Jun 2010
@skunkyjosh

Because Safari is the only browser with holes in it? Right?

No. Safari is not the only one with holes, but Safari is the one with helluva lot of holes
0 Votes
+ -
@skunkyjosh: ... as are all the others, Flash, Acrobat Reader, etc...
0 Votes
+ -
A whole lot of nothing
Trolleur 8th Jun 2010
This is no big deal. All of the awesome memory protections and sandboxing in OS X make it immune to worms and viruses that affect almost all Windows machines. When was the last time anyone at all heard of active exploitation of Safari??? Anyone?
0 Votes
+ -
@Trolleur

You're right, I've certainly never heard of a Safari exploit. I must not get out much as I don't believe I've met a single person who uses it. Even my Mac loving friends use Firefox. And of course all business users go with IE for the superior automatic patching.

I heard that on top of their already world class security, Apple is considering putting real ASLR into OSX some day.
0 Votes
+ -
@DaveN_MVP "... superior automatic patching..." of IE 6. When everybody else is using 7 or 8.
0 Votes
+ -
@DaveN_MVP
The short answer is I don't know how many have been exploited. You admitted you didn't either. But this much I do know. This thing has as many holes as a sieve. Wouldn't you agree??
0 Votes
+ -
Safari holes with no exploits? Being patched before any are created?

Not a bad thing if true. Wish M$ could be so good since it's usually ass_backwards with them.
@DaveN_MVP
There are no high profile cases but that's because most people use Windows instead. And even Mac users prefer FF over Safari so it's fast becoming a red headed step child.

Remember, just because you don't hear about murders in your home town on the news don't mean it's not happening. It's just not sexy enough to make prime time.
0 Votes
+ -
@Trolleur

Yeah, you're right, so they must be spending all that bug hunting and security fix resources patching it for the Windows users only.. so nice of Apple

Now.. who's telling Apple that they could have saved themselves the trouble? Anyone I know uses IE, Firefox or Chrome on Windows PCs, and the Mac users... yes we know by now that they have nothing to worry about.. it's all safe...thanks to OSX
0 Votes
+ -
Trolleur, you're right, it never gets exploited, because it's never used.

Sort of like a knife: You can't cut yourself with it if you never take it out of its sheath! happy
@Trolleur
"All of the awesome memory protections and sandboxing in OS X make it immune to worms and viruses that affect almost all Windows machines"

From what I know, OS X doesn't have a complex ASLR implementation or sandbox protection. Do you have a link supporting otherwise? BTW, Windows has a sandbox for IE and Chrome, plus Linux browsers can be secured with AppArmor.
0 Votes
+ -
@dvm
You are determined to make this conversation about Windows, but you are failing miserably. This article was not about the holes/vulnerabilities in Windows, but those in Safari while on OS X systems. We can discuss and ridicule Windows when the next report about comes out, but this is Apple's 60 seconds in the box. In the box they are. Here is a question for you. How can anyone operate on software with these many holes in it? I'd like to hear your comments on this question.
0 Votes
+ -
A whole lot of ignorance
smtp4me@... 8th Jun 2010
@Trolleur - Windows Server 2008 and Windows use memory address randomization (ASLR). I've read that Apple is considering it for future versions of OSx, but it's interesting that MS is ahead of Apple with implementing this technology.

Is OSx more secure out of the box? It's debatable, however I have been running Windows since version 3.1 and have NEVER been compromised by a virus, trojan, malware, etc. Why? Because I have 17 years experience in IT and computer security - if you know what you're doing, you can lock down/secure any OS.

One final thought: the reason no one can name a recent active exploitation of Safari is because the bad guys aren't writing code to exploit a browser that has the smallest user base - it's not worth it.
0 Votes
+ -
Happy birthday, Safari. Say hello to Flash
honeymonster 8th Jun 2010
Safari 4 was released exactly one year ago, June 8, 2009.

In those 12 months, Safari has managed to rake up 80 vulnerabilities. Good job!

Ironic that Apple's cult leader accuses Flash of being insecure, eh? Flash 10 has been hit with 26 vulns. But that was since October 2008, over a span of 20 months.

Which means that Safari is more than 5 times as vulnerable as Flash. And that's just Safari - not counting other OS X vulns.

Maybe Jobs is under influence of his own RDF. Or maybe he has ulterior motives for calling out Flash?
0 Votes
+ -
Or is there a double standard at play here? happy
0 Votes
+ -
@honeymonster: And how many exploits? How dangerous is a vulnerability if it's never exploited. How safe is a lock when it's made of swiss cheese? No matter how you look at it, Flash is still the #1 highway to infect PCs in the world.
0 Votes
+ -
Who CARES about mere
arminw 8th Jun 2010
@honeymonster
vulnerabilities? It's not how often house is broken into, but how often houses in your neighborhood are broken into. The facts are that for every thousand viruses and other crud for Windows, there exists maybe one or fewer for the Mac. Macs may not be secure, any more than Windows is secure, but the indisputable facts are, that Macs are thousands of times safer than any Windows computer. This also holds true for Linux.
0 Votes
+ -
@arminw:
"It's not how often house is broken into, but how often houses in your neighborhood are broken into" - WRONG! If a neighborhood has 20 houses, and only one of them is Apple, the ratio will ALWAYS be smaller. The reason Apple has a lower rate of being compromised, is because there are fewer people using it. Apparently simple math eludes you.

"Macs are thousands of times safer than any Windows computer. This also holds true for Linux." Really??? I work for a very large software company, whose external web servers are running Windows and IIS, and they have NEVER BEEN COMPROMISED! Every OS is vulnerable, but if you know what you're doing, it can be secured.

At the most recent PWN2OWN - OSx went down in a matter of seconds. I find it VERY funny that you are trashing Windows in the feedback section of an article about 48 flaws found in Apple's browser alone.
Is this an update to that patch?
0 Votes
+ -
Garbage
vpico3 8th Jun 2010
Safari is a piece of garbage.
crap that only the uppies seem to love..............:-(
0 Votes
+ -
Safari on Windoze is garbage
ubiquitous one 8th Jun 2010
On OSX it's good enough, although most Mac users I know use mostly Firefox.

Apple should just abandon Safari for Windoze and use their resources elsewhere.
