APPLE-SA-2009-08-11-1 Safari 4.0.3
Safari 4.0.3 is now available and addresses the following:

CoreGraphics
CVE-ID: CVE-2009-2468
Available for: Windows XP and Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the drawing of long text strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry of Google Inc for reporting this issue.

ImageIO
CVE-ID: CVE-2009-2188
Available for: Windows XP and Vista
Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

Safari
CVE-ID: CVE-2009-2196
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
Impact: A maliciously crafted website may be promoted into Safari's Top Sites view
Description: Safari 4 introduced the Top Sites feature to provide an at-a-glance view of a user's favorite websites. It is possible for a malicious website to promote arbitrary sites into the Top Sites view through automated actions. This could be used to facilitate a phishing attack. This issue is addressed by preventing automated website visits from affecting the Top Sites list. Only websites that the user visits manually can be included in the Top Sites list. As a note, Safari enables fraudulent site detection by default. Since the introduction of the Top Sites feature, fraudulent sites are not displayed in the Top Sites view. Credit to Inferno of SecureThoughts.com for reporting this issue.

WebKit
CVE-ID: CVE-2009-2195
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in WebKit's parsing of floating point numbers. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

WebKit
CVE-ID: CVE-2009-2200
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
Impact: Visiting a maliciously crafted website and clicking "Go" when viewing a malicious plug-in dialog may lead to the disclosure of sensitive information
Description: WebKit allows the pluginspage attribute of the 'embed' element to reference file URLs. Clicking "Go" in the dialog that appears when an unknown plug-in type is referenced will redirect to the URL listed in the pluginspage attribute. This may allow a remote attacker to launch file URLs in Safari, and lead to the disclosure of sensitive information. This update addresses the issue by restricting the pluginspage URL scheme to http or https. Credit to Alexios Fakos of n.runs AG for reporting this issue.

WebKit
CVE-ID: CVE-2009-2199
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows XP and Vista
Impact: Look-alike characters in a URL could be used to masquerade a website
Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by supplementing WebKit's list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar. Credit to Chris Weber of Casaba Security, LLC for reporting this issue.

Safari 4.0.3 is available via the Apple Software Update application, or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari for Mac OS X v10.5.7 and Mac OS X v10.5.8
The download file is named: Safari4.0.3Leo.dmg
Its SHA-1 digest is: 9b04a33efe6b44083b064dda990b0174402ce107

Safari for Mac OS X v10.4.11
The download file is named: Safari4.0.3Ti.dmg
Its SHA-1 digest is: 9a5532516d3a74a2bd65cc007db683b85e3475d7

Safari for Windows XP or Vista
The download file is named: SafariSetup.exe
Its SHA-1 digest is: 24486c2a3089cf0b61b50e4a75ec5f53d9c08f4f

Safari+QuickTime for Windows XP or Vista
The file is named: SafariQuickTimeSetup.exe
Its SHA-1 digest is: 61c0e163fef26c8580297d30e6c04af7a2548038

Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
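The CVE-2009-2199 entry above says the fix renders look-alike characters as Punycode in the address bar. The following is an added illustration of that display policy, not Apple's or WebKit's code: it assumes a small constructed look-alike table (WebKit's real list is larger) and a coarse script heuristic taken from Unicode character names.

```python
import unicodedata

# Constructed look-alike table (assumption: a short excerpt, not WebKit's list):
# non-Latin letters that render almost identically to the Latin letter shown.
LOOKALIKES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def script_of(ch):
    """Coarse script name from the Unicode character name (heuristic)."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]


def display_label(label):
    """Return (text_to_show, was_punycoded) for one hostname label.

    Policy mirroring the advisory: ASCII labels are shown as-is; a label
    that mixes scripts or contains a known look-alike is shown as Punycode
    (xn--...); a single-script, non-ASCII label stays readable Unicode.
    """
    if label.isascii():
        return label, False
    scripts = {script_of(c) for c in label} - {"COMMON"}
    suspicious = len(scripts) > 1 or any(c in LOOKALIKES for c in label)
    if suspicious:
        return label.encode("idna").decode("ascii"), True
    return label, False


def display_host(host):
    """Apply display_label per label; returns (display string, any_punycoded)."""
    shown, flagged = [], False
    for label in host.split("."):
        text, punycoded = display_label(label)
        shown.append(text)
        flagged = flagged or punycoded
    return ".".join(shown), flagged


if __name__ == "__main__":
    # Constructed sample hosts: genuine ASCII, Cyrillic-a spoof, all-CJK label.
    for h in ("paypal.com", "p\u0430ypal.com", "\u65e5\u672c\u8a9e.jp"):
        print(h, "->", display_host(h))
```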