ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Apple plugs code execution, phishing holes in Safari browser

By | August 12, 2009, 6:39am PDT

Summary: Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks. The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks. Here’s a snapshot of the [...]

Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks.

The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks.

Here’s a snapshot of the vulnerabilities being fixed:

  • CVE-2009-2468 (Windows XP and Vista) — A heap buffer overflow exists in the drawing of long
  • text strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
  • CVE-2009-2188 (Windows XP and Vista) — A buffer overflow exists in the handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
  • CVE-2009-2196 (Mac OS X, Windows XP and Vista) – Safari 4 introduced the Top Sites feature to provide an at-a-glance view of a user’s favorite websites. It is possible for a malicious website to promote arbitrary sites into the Top Sites view through automated actions. This could be used to facilitate a phishing attack.
  • CVE-2009-2195 (Mac OS X, Windows XP and Vista) — A buffer overflow exists in WebKit’s parsing of floating point numbers. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
  • CVE-2009-2200 (Mac OS X, Windows XP and Vista) — WebKit allows the pluginspage attribute of the ‘embed’ element to reference file URLs. Clicking “Go” in the dialog that appears when an unknown plug-in type is referenced will redirect to the URL listed in the pluginspage attribute. This may allow a remote attacker to launch file URLs in Safari, and lead to the disclosure of sensitive information. This update addresses the issue by restricting the pluginspage URL scheme to http or https.
  • CVE-2009-2199 (Mac OS X, Windows XP and Vista) – The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by supplementing
  • WebKit’s list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar.

The new browser version is available via the Apple Software Update application or Apple’s Safari download site.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Apple Macintosh, Apple Safari, Microsoft Windows Vista, Apple Inc., Web Site, Web Browser, Arbitrary Code Execution, Application Termination, Browser Version, Phishing, Microsoft Windows, Apple Mac OS X, Microsoft Windows Vista (Longhorn), Apple Mac OS, Microsoft Windows XP, Web Site Development, Cyberthreats, Operating Systems, Security, Spam And Phishing, Software, Internet, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
8
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Apple plugs code execution, phishing holes in Safari browser
birumut Updated - 29th Apr 2011
Great!!! thanks for sharing this information to us!
seslisohbet seslichat
View in thread
0 Votes
+ -
Well...
vikingnyc@... 12th Aug 2009
At least I didn't have to wait until Patch Tuesday...
0 Votes
+ -
not patch tuesday
CrashPad 12th Aug 2009
But patch weekly is the theme for anything Apple.
0 Votes
+ -
LOL! Because all of these were discovered and fixed...
ye 12th Aug 2009
...at exactly the same time. You're fooling yourself if you think Apple releases a patch as soon as it's fixed. It's no different than Microsoft except Microsoft let's you know when to expect patches. Apple, well, it's whenever they feel like it.
0 Votes
+ -
I like that my mac just updates
HollywoodDog 12th Aug 2009
No scrolling through lists of optional updates. Just do it and don't bug me.
0 Votes
+ -
This discussion was going on in another thread...
CrashPad 12th Aug 2009
How apathetic therefore vulnerable Apple users really are with this attitide. Cultivated and nutured by Apple!!! What a computing experience, not knowing what is really going on. You dont do banking on your Mac do you???
0 Votes
+ -
If it ain't broke, don't fix it...
Geotopia 12th Aug 2009
especially on a mission critical computer or in the middle of a project.
I'm always amazed by people's rush to apply the latest patch, my own
included when I installed Safari 4.0.0. Took a good half day to strip out
the Webkit Framework updates and go back to Safari 3.1.2. Safari 4.0.2 is
finally solid and I'm going to wait a couple of weeks before making any
rush to update.
0 Votes
+ -
Mac security is definitely improving!
Trolleur 12th Aug 2009
Only six browser-based vulnerabilities is this bugfix release!
Better than the fifty we saw for Safari 4.0. I also appreciate the
limited information that Apple releases in these security
updates -- there is certainly no need to be verbose like
Microsoft and detail the severity and exploit vectors of all
vulnerabilities.
0 Votes
+ -
RE: Apple plugs code execution, phishing holes in Safari browser
birumut Updated - 29th Apr 2011
Great!!! thanks for sharing this information to us!
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix