|
|
|
 |
Vulnerability Note VU#848960Apple Mac OS X WebKit deallocated object access vulnerabilityOverviewApple Safari WebKit fails to properly deallocate objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.I. DescriptionAccording to Apple:WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X for use in your applications. The Apple Safari WebKit component fails to properly dispose of deallocated objects. If a remote attacker persuades a user to access a specially crafted web page with Safari, that attacker may be able to cause that user to access a deallocated object leading to memory corruption. Note that this vulnerability may affect any software that uses WebKit. II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code.III. SolutionApply Apple UpdatesApple advises all users to apply Apple Security Update 2006-007, as it fixes this and other critical security flaws.
References
This vulnerability was reported in Apple Security Update 2006-007. Apple credits Tom Ferris of Security-Protocols with providing information about this vulnerability. This document was written by Jeff Gennari based on information from Apple and Security-Protocols.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||
Get Adobe Reader