Apple plugs 48 Safari, WebKit security holes

Apple has shipped new versions of its Safari browser with patches for at least 48 security vulnerabilities.

The Safari 4.1 and 5.0 updates, rated "highly critical," are available for both Windows and Mac OS X. Exploitation of some of these vulnerabilities could lead to drive-by download (remote code execution) attacks. The majority of the documented vulnerabilities affect WebKit, the open-source Web browser engine that powers Safari.

Here's the skinny on some of the more critical issues:

  • ColorSync (CVE-2009-1726) -- A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.
  • Safari (CVE-2010-1384) -- Safari supports the inclusion of user information in URLs, which allows the URL to specify a username and password to authenticate the user to the named server. These URLs are often used to confuse users, which can potentially aid phishing attacks.
  • Safari (CVE-2010-1385) -- A use after free issue exists in Safari's handling of PDF files. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • Safari (CVE-2010-1750) -- A use after free issue exists in Safari's management of windows. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • WebKit (CVE-2010-1392) -- A use after free issue exists in WebKit's rendering of HTML buttons. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • WebKit (CVE-2010-1119) -- A use after free issue exists in WebKit's handling of attribute manipulation. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • WebKit (CVE-2010-1422) -- An implementation issue exists in WebKit's handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase.
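The userinfo issue listed under CVE-2010-1384 is the one item above that a defender can check for directly: a URL of the form `https://trusted-looking-name@real-host/` shows the decoy first while the browser actually connects to the authority after the `@`. The following is an added example, not code from the article or from Apple, of the kind of triage a URL filter or proxy-log script would apply to flag such URLs; the sample URLs and the `.test` hostnames are constructed, and the two heuristics (userinfo that looks like a hostname, and any credentials embedded in a web URL) are this example's own choices, not anything the article specifies.

```python
"""Flag URLs whose userinfo component could be mistaken for the host.

Added defender-side example. It parses each URL with the standard library,
reports the host the browser would really connect to, and flags userinfo that
looks like a decoy hostname (the confusion described for CVE-2010-1384) or
that embeds credentials in a web URL.
"""
from urllib.parse import urlsplit


def inspect_url(url: str) -> dict:
    """Return the real host and a verdict about the URL's userinfo component."""
    parts = urlsplit(url)
    userinfo = parts.username  # None when no '@' precedes the host
    finding = {
        "url": url,
        "real_host": parts.hostname or "",
        "has_userinfo": userinfo is not None,
        "suspicious": False,
        "reason": "",
    }
    if userinfo is None:
        return finding
    # Heuristic 1 (this example's choice): userinfo containing a dot is the
    # classic decoy shape, where a trusted-looking hostname appears before '@'.
    if "." in userinfo:
        finding["suspicious"] = True
        finding["reason"] = "userinfo resembles a hostname"
    # Heuristic 2 (this example's choice): credentials embedded in an http(s)
    # URL are rare in legitimate traffic and worth a look on their own.
    elif parts.scheme in ("http", "https"):
        finding["suspicious"] = True
        finding["reason"] = "credentials embedded in web URL"
    return finding


def triage(urls):
    """Inspect a batch of URLs, e.g. pulled from proxy logs."""
    return [inspect_url(u) for u in urls]


# Constructed sample input (not from any real incident); .test is reserved.
SAMPLE_URLS = [
    "https://www.example-bank.com/login",
    "https://www.example-bank.com@evil.example.test/login",
    "https://user:secret@intranet.example.test/",
    "ftp://anonymous@ftp.example.test/pub/",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_URLS):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} host={f['real_host']:<28} {f['reason']:<34} {f['url']}")
```

Note that the anonymous FTP URL is deliberately left unflagged: userinfo is normal there, which is why the check keys on the scheme and on the shape of the username rather than on the mere presence of an `@`.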

Safari 5.0 and Safari 4.1 address the same set of security issues.