Apple Safari WebKit HTML Button Use-after-free Vulnerability

Summary

A vulnerability was discovered in Apple Safari for Windows, Mac OS X and iPhone.

Credit:

The information has been provided by Matthieu Bonetti.
The original article can be found at: http://seclists.org/bugtraq/2010/Jun/71


Details

Vulnerable Systems:
 * Apple Safari version 4.0.5 and prior

Immune Systems:
 * Apple Safari version 5.0
 * Apple Safari version 4.1

The flaw is caused by a use-after-free error in WebKit when rendering HTML buttons, which attackers could exploit to execute arbitrary code via a specially crafted web page.

CVE Information:
CVE-2010-1392

Disclosure Timeline:
2010-03-30 – Vendor notified
2010-03-30 – Vendor response
2010-06-08 – Coordinated public disclosure
