
Safari 2 Denial of Service



##############################################################

                     - S21Sec Advisory -

##############################################################

    Title:  Safari 2 Denial of Service
       ID:  S21SEC-039-en
 Severity:  Medium - Remote DoS
  History:  15.Jul.2007 Vulnerability discovered
            22.Jul.2007 Vendor contacted
            27.Jul.2007 Vendor confirmed the vulnerability
            26.Oct.2007 Safari 3 in Leopard
            14.Nov.2007 Safari 3 in Tiger

    Scope:  Remote Denial of Service
Platforms:  MacOSX
   Author:  David Barroso (dbarroso@s21sec.com)
      URL:  http://www.s21sec.com/avisos/s21sec-039-en.txt
  Release:  Public


[ SUMMARY ]

According to Wikipedia, Safari is a web browser developed by Apple Inc.
and included in Mac OS X. It was first released as a public beta on
January 7, 2003, and became the default browser in Mac OS X v10.3. A beta
version for Microsoft Windows was released for the first time on June 11,
2007, with support for Windows XP and Windows Vista.


[ AFFECTED VERSIONS ]

The following versions are affected by this issue:

    - Safari Version 2 (MacOSX Version)


[ DESCRIPTION ]

A crafted HTML page can make Safari crash while parsing the page, due to
improper validation in the KHTML/WebKit rendering engine.
Example:



Safari Exploit



[ WORKAROUND ]

The vulnerability was patched in Safari 3, officially released in
October 2007 (Leopard) and November 2007 (Tiger).


[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

    - David Barroso       S21sec labs


[ REFERENCES ]

    * Wikipedia. Safari
      http://en.wikipedia.org/wiki/Safari_%28web_browser%29
    * Safari
      http://www.apple.com/safari/
    * S21Sec
      http://www.s21sec.com
    * Blog S21sec
      http://blog.s21sec.com
