Vulnerability Note VU#351217

Apple Safari WebKit component vulnerable to buffer overflow

Original Release date: 03 Mar 2006 | Last revised: 06 Mar 2006


The Apple Safari WebKit component is vulnerable to a buffer overflow. This may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.



Apple Safari is a web browser that comes with the Mac OS X operating system.


According to Apple:

    WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X for use in your applications.
More information is available at the WebKit Project website.

The Problem

The Apple Safari WebKit component contains a heap-based buffer overflow. This vulnerability can be triggered by persuading a user to access a specially crafted web page with Safari.


WebKit may be used in other Apple software including, but not limited to, Dashboard and Mail.


A remote attacker may be able to execute arbitrary code or crash any application using WebKit.


Install an update
This issue is corrected in Apple Security Update 2006-001.

Systems Affected

Vendor                 Status    Date Notified   Date Updated
Apple Computer, Inc.   Affected  -               03 Mar 2006
Nokia                  Unknown   06 Mar 2006     06 Mar 2006

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A



This issue was reported in Apple Security Update 2006-001. Apple credits Suresec LTD with reporting this issue.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2005-4504
  • Date Public: 22 Dec 2005
  • Date First Published: 03 Mar 2006
  • Date Last Updated: 06 Mar 2006
  • Severity Metric: 17.21
  • Document Revision: 15

