Apple WebKit WholeText Integer Overflow Code Execution Vulnerability
The information has been provided by J23.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-257/
* Apple WebKit
The specific flaw exists within the wholeText method of the Text element. When calculating the total size of all the text containing it, the application wraps a 32-bit integer. The application uses this wrapped value for an allocation and later uses a different value when populating the buffer. This can lead to code execution in the context of the application.
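The following is an added example, not code from the advisory or from WebKit, that models the class of defect described above: a set of text chunks whose lengths are summed into a 32-bit integer, with the sum used to size a buffer. The `TextNode` type, the chunk lengths and the function names are constructed for illustration. It shows the wrapping sum beside a checked sum that refuses to wrap, and a concatenation routine in which the allocation size and the copy bound are the same checked value, so they cannot disagree.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: one text chunk with its length in a 32-bit field. */
typedef struct {
    const char *data;   /* may be NULL when only the length is exercised */
    uint32_t length;
} TextNode;

/* Unchecked sum: the pattern the advisory describes. The addition is modular,
   so a total above UINT32_MAX silently wraps to a small value. */
uint32_t whole_text_length_unchecked(const TextNode *nodes, size_t count) {
    uint32_t total = 0;
    for (size_t i = 0; i < count; i++)
        total += nodes[i].length;
    return total;
}

/* Checked sum: reports failure instead of wrapping. */
bool whole_text_length_checked(const TextNode *nodes, size_t count, uint32_t *out) {
    uint32_t total = 0;
    for (size_t i = 0; i < count; i++) {
        if (nodes[i].length > UINT32_MAX - total)
            return false;   /* adding this chunk would wrap: refuse */
        total += nodes[i].length;
    }
    *out = total;
    return true;
}

/* Hardened concatenation: the allocation size is the checked total, and the
   copy loop is bounded by the same lengths that produced it. */
char *whole_text_concat(const TextNode *nodes, size_t count) {
    uint32_t total;
    if (!whole_text_length_checked(nodes, count, &total))
        return NULL;
    if (total == UINT32_MAX)
        return NULL;        /* no room for the terminating NUL */
    char *buf = malloc((size_t)total + 1);
    if (buf == NULL)
        return NULL;
    size_t pos = 0;
    for (size_t i = 0; i < count; i++) {
        memcpy(buf + pos, nodes[i].data, nodes[i].length);
        pos += nodes[i].length;
    }
    buf[pos] = '\0';
    return buf;
}

/* Scenario 1 (constructed lengths, no data touched): the wrapped total is 1,
   while the checked sum and the hardened concat both refuse. Returns 1 on the
   expected outcome. */
int demo_overflow_is_caught(void) {
    TextNode big[2] = { { NULL, 0xFFFFFFFFu }, { NULL, 2u } };
    uint32_t checked_total = 0;
    uint32_t wrapped = whole_text_length_unchecked(big, 2);
    bool ok = whole_text_length_checked(big, 2, &checked_total);
    char *buf = whole_text_concat(big, 2);
    return wrapped == 1u && !ok && buf == NULL;
}

/* Scenario 2: ordinary input still concatenates correctly. Returns 1 when the
   result is "Hello, world". */
int demo_normal_concat(void) {
    TextNode small[3] = { { "Hello", 5u }, { ", ", 2u }, { "world", 5u } };
    char *buf = whole_text_concat(small, 3);
    int ok = buf != NULL && strcmp(buf, "Hello, world") == 0;
    free(buf);
    return ok;
}

int main(void) {
    return (demo_overflow_is_caught() && demo_normal_concat()) ? 0 : 1;
}
```

The point of the hardened version is not the overflow check alone: the copy is driven by the same per-chunk lengths that were summed under the check, so the size handed to the allocator and the number of bytes written can never diverge, which is exactly the mismatch the advisory describes.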
Apple has issued an update to correct this vulnerability.
More details can be found at: http://support.apple.com/kb/HT4456
2010-08-12 – Vulnerability reported to vendor
2010-11-23 – Coordinated public release of advisory