APPLE-SA-2010-09-07-1 Safari 5.0.2 and Safari 4.1.2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Safari 5.0.2 and Safari 4.1.2 are now available and address the
following:

Safari
CVE-ID:  CVE-2010-1805
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  Opening a file in a directory that is writable by other users
may lead to arbitrary code execution
Description:  A search path issue exists in Safari. When displaying
the location of a downloaded file, Safari launches Windows Explorer
without specifying a full path to the executable. Launching Safari by
opening a file in a specific directory will include that directory in
the search path. Attempting to reveal the location of a downloaded
file may execute an application contained in that directory, which
may lead to arbitrary code execution. This issue is addressed by using
an explicit search path when launching Windows Explorer. This issue
does not affect Mac OS X systems. Credit to Simon Raner of ACROS
Security for reporting this issue.

WebKit
CVE-ID:  CVE-2010-1807
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later,
Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  An input validation issue exists in WebKit's handling of
floating point data types. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved validation of
floating point values. Credit to Luke Wagner of Mozilla for reporting
this issue.
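The CVE-2010-1805 entry above describes the classic search-path failure: a helper program is launched by bare name, and the operating system resolves that name through an ordered list of directories that can include the directory of the document the application was opened with. The fix named in the advisory is to launch the helper by an explicit path. The following is an added example, not Apple's or Safari's code, showing the defensive pattern in Python: a resolver that only ever consults an explicit list of absolute directories, plus a command builder that names Windows Explorer by full path. All function names, the use of %SystemRoot% as Explorer's location, and the temporary directories built in demo() are assumptions constructed for this example.

```python
"""Resolve a helper program only from an explicit, absolute directory list.

Added example, not Apple's or WebKit's code. It models the fix described
for CVE-2010-1805: launch the helper (Windows Explorer) by an explicit
path instead of a bare name that the OS resolves through a search path
which can include the directory of the file the browser was opened with.
All function names, the %SystemRoot% convention and the sample
directories in demo() are assumptions constructed for the example.
"""
import os
import tempfile
from pathlib import Path, PureWindowsPath


def resolve_trusted(name, trusted_dirs):
    """Return the executable `name` found in `trusted_dirs`, else None.

    Directories are searched in the given order and must be absolute, so
    neither the current working directory nor the directory of whatever
    document the application was launched with can enter the search.
    """
    for d in trusted_dirs:
        d = Path(d)
        if not d.is_absolute():
            # A relative entry would be resolved against cwd, reintroducing
            # exactly the ambiguity the fix is meant to remove.
            raise ValueError(f"trusted directory must be absolute: {d}")
        candidate = d / name
        if candidate.is_file() and os.access(candidate, os.X_OK):
            return candidate
    return None


def explorer_reveal_command(file_to_reveal):
    """Argument vector that reveals a file in Windows Explorer.

    Assumption: Explorer is %SystemRoot%\\explorer.exe, so the executable is
    named by an absolute path rather than a bare "explorer". "/select,<path>"
    is Explorer's switch for highlighting one file. On Windows the vector
    would be passed to subprocess.run(); it is only built here.
    """
    system_root = PureWindowsPath(os.environ.get("SystemRoot", r"C:\Windows"))
    if not system_root.is_absolute():
        raise ValueError("SystemRoot must be an absolute path")
    explorer = system_root / "explorer.exe"
    return [str(explorer), f"/select,{file_to_reveal}"]


def demo():
    """Constructed scenario: a download directory (writable by others) holds
    a file named like the helper; only the trusted directory is consulted."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp) / "downloads"
        system = Path(tmp) / "system"
        downloads.mkdir()
        system.mkdir()
        lookalike = downloads / "helper"
        lookalike.write_text("#!/bin/sh\necho untrusted\n")
        lookalike.chmod(0o755)
        # Nothing in the trusted directory yet: resolution must fail rather
        # than fall through to the download directory.
        before = resolve_trusted("helper", [system])
        genuine = system / "helper"
        genuine.write_text("#!/bin/sh\necho trusted\n")
        genuine.chmod(0o755)
        after = resolve_trusted("helper", [system])
        return before is None, after == genuine


if __name__ == "__main__":
    print(demo())  # (True, True)
    print(explorer_reveal_command(r"C:\Users\me\Downloads\SafariSetup.exe"))
```

The point of `resolve_trusted` refusing relative directories is that the bug class is usually reintroduced by configuration rather than by code: one relative entry in the list, or a bare name handed to the platform launcher, brings the current directory or the document's directory back into play. Detection on Windows hosts is correspondingly simple: a process whose image path is a user-writable download directory but whose name matches a system helper is the signal to look for.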
WebKit
CVE-ID:  CVE-2010-1806
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later,
Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use after free issue exists in WebKit's handling of
elements with run-in styling. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of object
pointers. Credit to wushi of team509, working with TippingPoint's Zero
Day Initiative, for reporting this issue.

Safari 5.0.2 and Safari 4.1.2 address the same set of security issues.
Safari 5.0.2 is provided for Mac OS X v10.5, Mac OS X v10.6, and
Windows systems. Safari 4.1.2 is provided for Mac OS X v10.4 systems.

Safari 5.0.2 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari 4.1.2 is available via the Apple Software Update application,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

Safari for Mac OS X v10.6.2 and later
The download file is named:  Safari5.0.2SnowLeopard.dmg
Its SHA-1 digest is:  695730a04038240c340571abf62c08f1ad5a8a5c

Safari for Mac OS X v10.5.8
The download file is named:  Safari5.0.2Leopard.dmg
Its SHA-1 digest is:  3b71a553b53b8c22e0f4f21842f500ef5d6ed0e7

Safari for Mac OS X v10.4.11
The download file is named:  Safari4.1.2Tiger.dmg
Its SHA-1 digest is:  35aafd64b4a74115469bc83dc390857b896197a3

Safari for Windows 7, Vista or XP
The download file is named:  SafariSetup.exe
Its SHA-1 digest is:  2ee92f29599b4bc554f9820171ad03398a15577b

Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
The download file is named:  Safari_Setup.exe
Its SHA-1 digest is:  a3418d1a4199bcc308c059b7c2caf14a20277ebb
Safari+QuickTime for Windows 7, Vista or XP
The file is named:  SafariQuickTimeSetup.exe
Its SHA-1 digest is:  0036cb2c832bed516c3df14f01772a3906c25270

Information will also be posted to the Apple Security Updates
web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJMkqDfAAoJEGnF2JsdZQeekLgH/0NWHxYvcnohuV5dPz3UcHAf
PTm8BkNyvsvfVFDzAI7UTItJ/+iQUgMCBQ8OCTfKW7J+uNLNS6mpiYL8AHVULUrV
elTiYkrtawyWvpmdgJa5frgqPVNyw3xytLRgJFMZyUAJ5DHGFt4HlT5UtmNygKTP
D3o5jlyg7ZBUBw/GmVzGVgWyw3ggHRWYt7PIkHCgbT/7CY8lgW1zzfB1N/5QB07g
9haA120bkzWIjgu+TXwQvy8tLGnOH8cx0FOYEg2QfXNvhJ4yxbKeyFPRUiDfQm2l
w5ADU337P6fMPYdx0q9TlXLlmraGsG34EmjFnueS+MxrVm1Pi9Bb8AcIklb1G4s=
=h9PJ
-----END PGP SIGNATURE-----
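The advisory publishes a SHA-1 digest for each installer so that a downloaded file can be checked before it is run. The following is an added example, not Apple's tooling, that turns that list into a verification step: the digest table is copied verbatim from the advisory text above, while the function names and the sample file built in selftest() are constructed for this example.

```python
"""Verify a downloaded Safari installer against the SHA-1 digests published
in APPLE-SA-2010-09-07-1.

Added example, not Apple's tooling. The digest table is copied from the
advisory; the function names and the sample file written by selftest()
are constructed for the example.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path

# File name -> SHA-1 digest, exactly as listed in the advisory.
ADVISORY_SHA1 = {
    "Safari5.0.2SnowLeopard.dmg": "695730a04038240c340571abf62c08f1ad5a8a5c",
    "Safari5.0.2Leopard.dmg": "3b71a553b53b8c22e0f4f21842f500ef5d6ed0e7",
    "Safari4.1.2Tiger.dmg": "35aafd64b4a74115469bc83dc390857b896197a3",
    "SafariSetup.exe": "2ee92f29599b4bc554f9820171ad03398a15577b",
    "Safari_Setup.exe": "a3418d1a4199bcc308c059b7c2caf14a20277ebb",
    "SafariQuickTimeSetup.exe": "0036cb2c832bed516c3df14f01772a3906c25270",
}


def sha1_hex(data):
    """SHA-1 of an in-memory byte string, lowercase hex."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path, chunk_size=1 << 20):
    """SHA-1 of a file, streamed so large installers are not read at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, expected=None):
    """True if the file's SHA-1 equals `expected`, or the advisory's entry
    for the file's name when `expected` is omitted. Unknown file names
    raise KeyError instead of silently passing."""
    path = Path(path)
    if expected is None:
        if path.name not in ADVISORY_SHA1:
            raise KeyError(f"{path.name} is not a file listed in the advisory")
        expected = ADVISORY_SHA1[path.name]
    # Constant-time comparison; the digests are hex strings of equal length.
    return hmac.compare_digest(sha1_of_file(path), expected.lower())


def selftest():
    """Exercise the checker on a constructed file with a well-known digest
    (SHA-1 of b"abc"); returns True when both the match and mismatch paths
    behave."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"abc")
        known = "a9993e364706816aba3e25717850c26c9cd0d89d"
        return (verify_download(sample, known)
                and not verify_download(sample, "0" * 40)
                and sha1_of_file(sample) == sha1_hex(b"abc"))


if __name__ == "__main__":
    print("selftest:", selftest())
    for name, digest in ADVISORY_SHA1.items():
        print(f"{name}: {digest}")
```

Usage: `verify_download("/path/to/SafariSetup.exe")` looks the digest up by file name, so a renamed installer is reported as unknown rather than accepted. A digest published in the same message as the download link only proves that the file is the one the message describes; the stronger check is the PGP signature on the advisory itself, which the message above says can be verified with the key published at the linked Apple Product Security page, and that is what ties the digest list to Apple rather than to whoever relayed the mail.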
Apple Product Security