U-222: Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information

July 27, 2012 - 7:00am

PROBLEM:

Apple Safari Bugs Let Remote Users Execute Arbitrary Code, Spoof the URL Address Bar, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information

PLATFORM:

Version(s): Apple Safari prior to 6.0

ABSTRACT:

Multiple vulnerabilities were reported in Apple Safari.

REFERENCE LINKS:

The Vendor's Advisory
Bugtraq ID: 54683
SecurityTracker Alert ID: 1027307

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities were reported in Apple Safari. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can conduct HTTP response splitting attacks. A remote user can spoof URLs. A remote user can obtain potentially sensitive information.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3913, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3599, CVE-2012-3600, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3615, CVE-2012-3618, CVE-2012-3620, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3674, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3686]. The code will run with the privileges of the target user.

A remote user can cause arbitrary scripting code to be executed by the target user's browser [CVE-2012-0678, CVE-2012-2815, CVE-2012-3695]. The code will run in the security context of an arbitrary site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can create specially crafted HTML that, when loaded by the target user, will cause files on the target user's system to be sent to a remote server [CVE-2012-0679].

Some password input elements may be autocompleted even if the site specifies that autocomplete be disabled [CVE-2012-0680].

A remote user can create specially crafted HTML that, when loaded by the target user, will exploit a flaw in processing SVG images to obtain memory contents [CVE-2012-3650].

When the target user drags and drops selected text on a specially crafted web page, the web page can obtain information from other domains [CVE-2012-3689] or files from the target user's system [CVE-2012-3690].

A remote user can submit a specially crafted URL to cause the target server to return a split response [CVE-2012-3696]. A remote user can exploit this to spoof content on the target server, attempt to poison any intermediate web caches, or conduct cross-site scripting attacks.

A remote user can create specially crafted HTML that, when loaded by the target user, will exploit a flaw in the processing of CSS property values to obtain information from a different site [CVE-2012-3691].

A remote user can create a URL with specially crafted characters to spoof a domain name in the address bar [CVE-2012-3693].

A user can drag and drop a file to Safari to cause the filesystem path to be disclosed to remote users [CVE-2012-3694].

An application can exploit an access control flaw to escape the sandbox and access files with the privileges of the target user [CVE-2012-3697].

Impact:

Disclosure of authentication information
Disclosure of system information
Disclosure of user information
Execution of arbitrary code via network
Modification of user information
User access via network

Solution:

The vendor has issued a fix available via the Apple Software Update application.
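
To find clients that still need the update, the following added example (not part of the original bulletin or the vendor's advisory) scans web or proxy access logs for User-Agent strings that claim a desktop Safari release prior to 6.0. It assumes combined log format with the User-Agent as the last quoted field; the function names and sample lines are constructed for illustration.

```python
import re

FIXED = (6, 0)  # the advisory lists Safari prior to 6.0 as affected

# Desktop Safari reports its release as "Version/x.y.z" right before "Safari/<build>".
VERSION_RE = re.compile(r"Version/(\d+(?:\.\d+)*) Safari/")
# Tokens of other browsers that also send "Safari/", plus iOS devices, whose
# Safari builds are numbered separately (assumption: out of scope here).
EXCLUDE = ("Chrome/", "Chromium/", "CriOS/", "OPR/", "Android", "iPhone", "iPad", "iPod")
# Combined log format: client address first, User-Agent as the last quoted field.
LINE_RE = re.compile(r'^(\S+) .*"([^"]*)"\s*$')


def safari_version(user_agent):
    """Return the desktop Safari version as a tuple of ints, or None."""
    if any(token in user_agent for token in EXCLUDE):
        return None
    match = VERSION_RE.search(user_agent)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(user_agent):
    """True when the User-Agent claims a Safari release older than 6.0."""
    version = safari_version(user_agent)
    if version is None:
        return False
    return (version + (0,))[:2] < FIXED  # pad so "Version/6" compares as 6.0


def affected_clients(log_lines):
    """Map client address -> sorted list of affected Safari versions seen."""
    found = {}
    for line in log_lines:
        match = LINE_RE.match(line)
        if match and is_affected(match.group(2)):
            version = ".".join(map(str, safari_version(match.group(2))))
            found.setdefault(match.group(1), set()).add(version)
    return {client: sorted(versions) for client, versions in found.items()}


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jul/2012:07:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"',
    '192.0.2.11 - - [27/Jul/2012:07:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8) AppleWebKit/536.25 (KHTML, like Gecko) Version/6.0 Safari/536.25"',
    '192.0.2.12 - - [27/Jul/2012:07:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"',
    '192.0.2.13 - - [27/Jul/2012:07:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"',
]

if __name__ == "__main__":
    for client, versions in affected_clients(SAMPLE_LOG).items():
        print(client, "Safari", ", ".join(versions))
```

User-Agent strings are supplied by the client, so treat the result as a triage list and confirm the installed version on each host before closing it out.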