I love lines like this: "Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution".
And this is for the ColorSync code! It just goes to show that a bug in the most innocuous code, when embedded into a larger application, can lead to serious vulnerabilities.
While the one above only affects Safari on Windows, below is a list of the vulnerabilities in the Mac that is patched. Pretty long list! But what I found impressive is that apple provides a description of the bug and gives credit to the person/group who reported it. I'm impressed Apple! (see the web page for the full descriptions as well as bugs affecting just Safari on Windows)
CVE-2010-0044 - may result in a cookie being set, even if Safari is configured to block cookies
CVE-2010-0046 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2010-0047 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2010-0048 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2010-0049 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2010-0050 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2010-0051 - Visiting a maliciously crafted website may lead to the disclosure of sensitive information
CVE-2010-0052 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2010-0053 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
CVE-2010-0054 - Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Todd
|