madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Apple plugs drive-by download flaws in Safari browser

By | September 8, 2010, 5:54am PDT

Summary: The browse-and-you’re-hacked vulnerabilities affect both Windows and Mac users. One of the three vulnerabilities is the DLL load hijacking issue that haunts hundreds of Windows applications.

Apple has shipped Safari 5.0.2 and Safari 4.1.2 with patches for three gaping holes that expose Web surfers to drive-by download attacks.

The browse-and-you’re-hacked vulnerabilities affect both Windows and Mac users, Apple warned in an advisory.  One of the three vulnerabilities is the DLL load hijacking issue that haunts hundreds of Windows applications.

Two of the three vulnerabilities affect WebKit, the open-source rendering engine that powers Apple’s Safari and iTunes software products.

Here are the details:follow Ryan Naraine on twitter

  • CVE-2010-1805 (Windows 7, Vista, XP SP2 or later) – A search path issue exists in Safari. When displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path. Attempting to reveal the location of a downloaded file may execute an application contained in that directory, which may lead to arbitrary code execution.  This is the DLL load hijacking attack vector.
  • CVE-2010-1807 (Mac and Windows) – An input validation issue exists in WebKit’s handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2010-1806 (Mac and Windows) – A use after free issue exists in WebKit’s handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Safari 5.0.2 is available for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.2 is only provided for Mac OS X v10.4 systems.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Apple Macintosh, Apple Safari, Flaw, Mac OS X Server, Apple Inc., Web Browser, Arbitrary Code Execution, Safari 5.0.2, Safari 4.1.2, Apple Mac OS X, Apple Mac OS, Operating Systems, Software, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 14 Talkback(s)

  • Come again?
    The browse-and-you?re-hacked vulnerabilities affect both Windows and Mac users

    Did I just read that right?

    Further proof that you need to take care of your system, whether you're a Windows user or a Mac user. happy
    ZDNet Gravatar
    Cylon Centurion
    8th Sep 2010
  • You are asking to get flamed, aren't you?
    @NStalnecker But you are right. I use AV protection and firewall on all my Windows machines and my Ubuntu machine.
    ZDNet Gravatar
    statuskwo5
    8th Sep 2010
  • I'm a Windows user
    @statuskwo5

    People flame me all the time based on that fact.
    ZDNet Gravatar
    Cylon Centurion
    8th Sep 2010
  • Which AV do you use for Ubuntu?
    @statuskwo5

    nt
    ZDNet Gravatar
    PlayFair
    8th Sep 2010
  • Note to Apple:
    Stick to hardware. You have proven you can't do software, unless it's in a locked down, Apple controlled environment where the user has to settle for just the functionality granted by Apple and has no ability to use said "computer" or other "computing device" to do actual computing work.
    ZDNet Gravatar
    xuniL_z
    8th Sep 2010
  • RE: Apple plugs drive-by download flaws in Safari browser
    @xuniL_z
    Duh... what planet do you live on? Different tools for different jobs. I use several platforms and the Mac OS allows me to do "actual computing work" without the issues facing WinMilennium, WinVista or WinDoze in general. Your comment was ignorant. Duh. Can't we all just get along?
    ZDNet Gravatar
    tim@...
    8th Sep 2010
  • RE: Apple plugs drive-by download flaws in Safari browser
    @tim@...

    On the contrary, this article clearly states that your Apple machine is facing the same EXACT issues as your Windows counterparts...

    Although I do love MS Products, xuniL_z has a pretty accurate perception. Dollar for dollar, number for number you are more likely to have a more powerful machine if you go PC as opposed to Mac for the same amount of money. And, unless mistaken somehow, "Performance"="More computing capacity"

    With the apparent inaccuracy of the "no viruses" claim that Apple ran a short while ago (but have stopped because of clear false advertisement), the competition is now "Performance -vs- Performance"...period...

    I won't call your comment ignorant...just a bit pretentious...

    Happy Posting!!
    ZDNet Gravatar
    G-Systems
    8th Sep 2010
  • RE: Apple plugs drive-by download flaws in Safari browser
    "Microsoft can't do that!"
    "No, Apple can't do that!"
    "Well my momma can beat up your momma."

    My eleven year old daughter knows how to structure a better argument in debate.

    Microsoft does some, but not all things well. Apple does some, but not all things well. There is plenty of room in the IT market place to support (at least!) two major companies and platforms. Competition is good for consumers. It is the American Way.

    Personally, I have gone the Apple route for the past twenty five years. I am conversant with Windows and Linux, but I have yet to find anything that I cannot do efficiently with my Macs, and my iPods and soon to be my iPhone and my Apple TV. I like the fact that Apple is vertically integrated, and that Apple provides the most consistent and best consumer support in the industry. And I don't mind the fact that Steve Jobs and company run their business like a bit of a benevolent dictatorship. If I minded, I would leave, but so far, it works for me.

    During the past twenty five years, I have always protected my Macintosh systems from undesired outside incursions. That, IMHO, is a matter of basic common sense. Ergo, I have never had any, at least not yet. From everything that I have seen, heard, or experienced in the IT world, Windows is inherently more susceptible to hacking, and not merely because Apple has a smaller market share. They must be doing SOMETHING right.
    ZDNet Gravatar
    markomd
    8th Sep 2010
  • RE: Apple plugs drive-by download flaws in Safari browser
    @markomd While I agree with your points on the argument being stupid, Windows isn't inherently more susceptible to hacking. The Mac has been the first to fall at every CamSec hacking competition ever held. Their primary defense to malware currently is their small market share.
    ZDNet Gravatar
    baileysc
    8th Sep 2010
  • RE: Apple plugs drive-by download flaws in Safari browser
    What has "arbitrary code execution" proven to be?
    ZDNet Gravatar
    trm1945
    8th Sep 2010
  • Tough to defend this one eh Apple Zealots?
    Yeah, pretty tough.

    The Apple is as flawed as any other enterprise. People write code. People are not perfect. Decisions are made for financial reasons - this holds true for Microsoft, Intel, Dell, AMD, HP, Cisco, all companies which includes Apple.

    In fact Apple freaks should be grateful that there are not more problems because Apple's tyrannical business practices, its death grip strangle hold on every aspect of how their products are used by the consumers after the purchases are made is driven by capitalism (greed by the definition of lefties).

    Of course the fields are littered with other issues such as bad batteries, non user serviceable batteries, being forced to put condoms on $500 phones for decent reception, no flash support for iPads excluding millions of web pages with flash content (and it aint all just banner ads to be sure), being forced to use iTunes, and on, and on, and on...
    ZDNet Gravatar
    Raid6
    8th Sep 2010
  • RE: Apple plugs drive-by download flaws in Safari browser
    @Raid6

    Having used iTunes 10 recently on my computer, I have to say that it has gotten a lot better than 9.x.

    I also didn't mind all that much when I was surfing the web on the iPod Touch I was using when I couldn't see any flash content. (They have an app for Youtube anyway)

    Correction: Some users are forced to put bumpers on their phone to get decent reception. A majority did not have to, because they did not hold the phone that particular way. Either way, only an idiot wouldn't case their phone in the first place. Why wouldn't you put something on your 500$ (200$ with a plan) phone to protect it?
    ZDNet Gravatar
    Michael Alan Goff
    9th Sep 2010
  • goff256, just a simple question.....
    Do you defend similar decisions and situations for other companies too.
    I mean you are doing this out of good will and not just as an Apple representative, correct?
    ZDNet Gravatar
    xuniL_z
    9th Sep 2010
    • Flagged
  • RE: Apple plugs drive-by download flaws in Safari browser
    The best way to answer it would be to say that I've been called a "M$" shill far more times than I can count. I primarily use Windows. Never touched a Mac or OSX in my life to be honest, though I hope to change that sooner or later.

    The only times I defend decisions, at least on here, is when I see some smug bastard act like their personal OS of choice is God's own gift to the world. That type of smug arrogance just makes me... a little mad.

    Maybe that isn't the "good will" you expected, but it is the truth. happy
    ZDNet Gravatar
    Michael Alan Goff
    9th Sep 2010

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
Click Here