‘Apple WebKit CSS Run-in Attribute Rendering Vulnerability’

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari and other WebKit based browsers.’

Credit:

‘The information has been provided by wushi of team509.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-030


Details

Vulnerable Systems:
 * Apple WebKit
 * Apple Safari
 * Google Chrome

User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists in the handling of the run-in value for display CSS styles. A specially crafted web page can cause a use after free() condition in WebKit’s WebCore::RenderBlock() method. This can be further leveraged by attackers to execute arbitrary code under the context of the current user.

Patch Availability:
Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT4070

CVE Information:
CVE-2010-0053

Disclosure Timeline:
2009-10-21 – Vulnerability reported to vendor
2010-03-16 – Coordinated public release of advisory’

Categories: UNIX