About the security content of Safari 4.0.5

This document describes the security content of Safari 4.0.5.

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To find out more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To find out more about other Security Updates, see "Apple Security Updates".

Safari 4.0.5

  • ColorSync

    CVE-ID: CVE-2010-0040

    Available for: Windows 7, Vista, XP

    Impact: Viewing a maliciously crafted image with an embedded colour profile may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow that could result in a heap buffer overflow exists in the handling of images with an embedded colour profile. Opening a maliciously crafted image with an embedded colour profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of colour profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2009-2285

    Available for: Windows 7, Vista, XP

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer underflow exists in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-001.

  • ImageIO

    CVE-ID: CVE-2010-0041

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website

    Description: An uninitialised memory access issue exists in ImageIO’s handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. Credit to Matthew “j00ru” Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0042

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website

    Description: An uninitialised memory access issue exists in ImageIO’s handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew “j00ru” Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0043

    Available for: Windows 7, Vista, XP

    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Gus Mueller of Flying Meat for reporting this issue.

  • PubSub

    CVE-ID: CVE-2010-0044

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies

    Description: An implementation issue exists in the handling of cookies set by RSS and Atom feeds. Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies via the “Accept Cookies” preference. This update addresses the issue by respecting the preference while updating or viewing feeds.

  • Safari

    CVE-ID: CVE-2010-0045

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: An issue in Safari’s handling of external URL schemes may cause a local file to be opened in response to a URL encountered on a web page. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved validation of external URLs. This issue does not affect Mac OS X systems. Credit to Billy Rios and Microsoft Vulnerability Research (MSVR) for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0046

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit’s handling of CSS format() arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS format() arguments. Credit to Robert Swiecki of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0047

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the handling of HTML object element fallback content. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint’s Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0048

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit’s parsing of XML documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint’s Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0049

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the handling of HTML elements containing right-to-left displayed text. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0050

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit’s handling of incorrectly nested HTML tags. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0051

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

    Description: An implementation issue exists in WebKit’s handling of cross-origin stylesheet requests. Visiting a maliciously crafted website may disclose the content of protected resources on another website. This update addresses the issue by performing additional validation on stylesheets that are loaded during a cross-origin request.

  • WebKit

    CVE-ID: CVE-2010-0052

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit’s handling of callbacks for HTML elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-0053

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the rendering of content with a CSS display property set to “run-in”. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0054

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit’s handling of HTML image elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple's recommendation or endorsement. Please contact the vendor for additional information.

Published Date: