Apple plugs drive-by download flaws in Safari browser

Summary: The browse-and-you're-hacked vulnerabilities affect both Windows and Mac users. One of the three vulnerabilities is the DLL load hijacking issue that haunts hundreds of Windows applications.

Apple has shipped Safari 5.0.2 and Safari 4.1.2 with patches for three gaping holes that expose Web surfers to drive-by download attacks.

The browse-and-you're-hacked vulnerabilities affect both Windows and Mac users, Apple warned in an advisory.  One of the three vulnerabilities is the DLL load hijacking issue that haunts hundreds of Windows applications.

Two of the three vulnerabilities affect WebKit, the open-source rendering engine that powers Apple's Safari and iTunes software products.

Here are the details:

  • CVE-2010-1805 (Windows 7, Vista, XP SP2 or later) -- A search path issue exists in Safari. When displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path. Attempting to reveal the location of a downloaded file may execute an application contained in that directory, which may lead to arbitrary code execution.  This is the DLL load hijacking attack vector.
  • CVE-2010-1807 (Mac and Windows) -- An input validation issue exists in WebKit's handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2010-1806 (Mac and Windows) -- A use after free issue exists in WebKit's handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
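
The search path issue in CVE-2010-1805 can be modelled in a few lines. The sketch below is an added example, not Apple's code or part of the advisory: it assumes the documented CreateProcess search order for a name given without a path, and every directory and file name in it is constructed sample data.

```python
import ntpath

# Constructed sample layout (not from the advisory): a folder holding a
# document plus a look-alike explorer.exe, and the genuine Windows locations.
FILES = {
    r"C:\Users\alice\Downloads\share\page.html",
    r"C:\Users\alice\Downloads\share\explorer.exe",  # look-alike next to the document
    r"C:\Program Files\Safari\Safari.exe",
    r"C:\Windows\explorer.exe",                      # genuine binary
    r"C:\Windows\System32\cmd.exe",
}
_INDEX = {p.lower() for p in FILES}  # Windows paths compare case-insensitively

def _exists(path):
    return path.lower() in _INDEX

def search_order(app_dir, cwd, path_env=()):
    """Directories consulted for a bare name: application directory, current
    directory, system directories, Windows directory, then PATH (assumed order)."""
    return [app_dir, cwd, r"C:\Windows\System32", r"C:\Windows\System",
            r"C:\Windows", *path_env]

def resolve_unqualified(name, app_dir, cwd, path_env=()):
    """Vulnerable pattern: launch by bare name, first match in the order wins."""
    for directory in search_order(app_dir, cwd, path_env):
        candidate = ntpath.join(directory, name)
        if _exists(candidate):
            return candidate
    return None

def resolve_hardened(name, trusted_dir=r"C:\Windows"):
    """Fixed pattern: build the full path from a trusted directory only.
    Real code would obtain that directory from GetWindowsDirectory()."""
    candidate = ntpath.join(trusted_dir, name)
    return candidate if _exists(candidate) else None

def shadowed(name, app_dir, cwd, path_env=()):
    """Defender's check: would the bare-name launch pick a file other than
    the trusted one?"""
    found = resolve_unqualified(name, app_dir, cwd, path_env)
    return found is not None and found != resolve_hardened(name)

if __name__ == "__main__":
    safari = r"C:\Program Files\Safari"
    for cwd in (r"C:\Users\alice\Downloads\share", r"C:\Users\alice"):
        print(cwd, "->", resolve_unqualified("explorer.exe", safari, cwd),
              "| shadowed:", shadowed("explorer.exe", safari, cwd))
```

When Safari is started by opening a file in the sample folder, that folder becomes the current directory and is searched before `C:\Windows`, so the bare name resolves to the look-alike; the full-path form returns the same file regardless of where the browser was started.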

Safari 5.0.2 is available for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.2 is only provided for Mac OS X v10.4 systems.

Talkback

14 comments
  • Come again?

    "The browse-and-you're-hacked vulnerabilities affect both Windows and Mac users"

    Did I just read that right?

    Further proof that you need to take care of your system, whether you're a Windows user or a Mac user. :)
    The one and only, Cylon Centurion
    • You are asking to get flamed, aren't you?

      @NStalnecker But you are right. I use AV protection and firewall on all my Windows machines and my Ubuntu machine.
      statuskwo5
      • I'm a Windows user

        @statuskwo5

        People flame me all the time based on that fact.
        The one and only, Cylon Centurion
      • Which AV do you use for Ubuntu?

        @statuskwo5

        nt
        PlayFair
  • Note to Apple:

    Stick to hardware. You have proven you can't do software, unless it's in a locked down, Apple controlled environment where the user has to settle for just the functionality granted by Apple and has no ability to use said "computer" or other "computing device" to do actual computing work.
    xuniL_z
    • RE: Apple plugs drive-by download flaws in Safari browser

      @xuniL_z
      Duh... what planet do you live on? Different tools for different jobs. I use several platforms and the Mac OS allows me to do "actual computing work" without the issues facing WinMilennium, WinVista or WinDoze in general. Your comment was ignorant. Duh. Can't we all just get along?
      tim@...
      • RE: Apple plugs drive-by download flaws in Safari browser

        @tim@...

        On the contrary, this article clearly states that your Apple machine is facing the same EXACT issues as your Windows counterparts...

        Although I do love MS Products, xuniL_z has a pretty accurate perception. Dollar for dollar, number for number you are more likely to have a more powerful machine if you go PC as opposed to Mac for the same amount of money. And, unless mistaken somehow, "Performance"="More computing capacity"

        With the apparent inaccuracy of the "no viruses" claim that Apple ran a short while ago (but have stopped because of clear false advertisement), the competition is now "Performance -vs- Performance"...period...

        I won't call your comment ignorant...just a bit pretentious...

        Happy Posting!!
        GSystems
  • RE: Apple plugs drive-by download flaws in Safari browser

    "Microsoft can't do that!"
    "No, Apple can't do that!"
    "Well my momma can beat up your momma."

    My eleven year old daughter knows how to structure a better argument in debate.

    Microsoft does some, but not all things well. Apple does some, but not all things well. There is plenty of room in the IT market place to support (at least!) two major companies and platforms. Competition is good for consumers. It is the American Way.

    Personally, I have gone the Apple route for the past twenty five years. I am conversant with Windows and Linux, but I have yet to find anything that I cannot do efficiently with my Macs, and my iPods and soon to be my iPhone and my Apple TV. I like the fact that Apple is vertically integrated, and that Apple provides the most consistent and best consumer support in the industry. And I don't mind the fact that Steve Jobs and company run their business like a bit of a benevolent dictatorship. If I minded, I would leave, but so far, it works for me.

    During the past twenty five years, I have always protected my Macintosh systems from undesired outside incursions. That, IMHO, is a matter of basic common sense. Ergo, I have never had any, at least not yet. From everything that I have seen, heard, or experienced in the IT world, Windows is inherently more susceptible to hacking, and not merely because Apple has a smaller market share. They must be doing SOMETHING right.
    markomd
    • RE: Apple plugs drive-by download flaws in Safari browser

      @markomd While I agree with your points on the argument being stupid, Windows isn't inherently more susceptible to hacking. The Mac has been the first to fall at every CamSec hacking competition ever held. Their primary defense to malware currently is their small market share.
      baileysc
  • RE: Apple plugs drive-by download flaws in Safari browser

    What has "arbitrary code execution" proven to be?
    trm1945
  • Tough to defend this one eh Apple Zealots?

    Yeah, pretty tough.

    The Apple is as flawed as any other enterprise. People write code. People are not perfect. Decisions are made for financial reasons - this holds true for Microsoft, Intel, Dell, AMD, HP, Cisco, all companies which includes Apple.

    In fact Apple freaks should be grateful that there are not more problems because Apple's tyrannical business practices, its death grip strangle hold on every aspect of how their products are used by the consumers after the purchases are made is driven by capitalism (greed by the definition of lefties).

    Of course the fields are littered with other issues such as bad batteries, non user serviceable batteries, being forced to put condoms on $500 phones for decent reception, no flash support for iPads excluding millions of web pages with flash content (and it ain't all just banner ads to be sure), being forced to use iTunes, and on, and on, and on...
    Raid6
    • RE: Apple plugs drive-by download flaws in Safari browser

      @Raid6

      Having used iTunes 10 recently on my computer, I have to say that it has gotten a lot better than 9.x.

      I also didn't mind all that much when I was surfing the web on the iPod Touch I was using when I couldn't see any flash content. (They have an app for Youtube anyway)

      Correction: Some users are forced to put bumpers on their phone to get decent reception. A majority did not have to, because they did not hold the phone that particular way. Either way, only an idiot wouldn't case their phone in the first place. Why wouldn't you put something on your 500$ (200$ with a plan) phone to protect it?
      Michael Alan Goff
      • goff256, just a simple question.....

        Do you defend similar decisions and situations for other companies too?
        I mean you are doing this out of good will and not just as an Apple representative, correct?
        xuniL_z
      • RE: Apple plugs drive-by download flaws in Safari browser

        The best way to answer it would be to say that I've been called a "M$" shill far more times than I can count. I primarily use Windows. Never touched a Mac or OSX in my life to be honest, though I hope to change that sooner or later.

        The only times I defend decisions, at least on here, is when I see some smug bastard act like their personal OS of choice is God's own gift to the world. That type of smug arrogance just makes me... a little mad.

        Maybe that isn't the "good will" you expected, but it is the truth. :)
        Michael Alan Goff