Apple fixes 12 Safari security flaws
Apple has release Safari 3.2 to fix at least a dozen security flaws, some very serious.
The update, available for Windows XP, Windows Vista and Mac OS X (Tiger and Leopard), address vulnerabilities that could be exploited to take full control of a compromised machine.
Some of the more serious flaws:
CVE-2008-1767: A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution. Further information on the patch applied is available via
http://xmlsoft.org/XSLT/.
CVE-2008-3623: A heap buffer overflow exists in CoreGraphics’ handling of color spaces. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-2327: Multiple uninitialized memory access issues exist in libTIFF’s handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-2332: A memory corruption issue exits in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-3642: A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution.
Three of the 12 issues were found and fixed in WebKit, the open-source Web browser engine.
Safari 3.2 should be treated as an “highly critical” update. End users should apply this patch immediately.Blogger: 4 X Security Team - Create Post
[Source: zdnet]
Post a Comment