Apple WebKit WholeText Integer Overflow Code Execution Vulnerability


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit.


The information has been provided by J23.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-257/


Vulnerable Systems:
 * Apple WebKit

The specific flaw exists within the wholeText method of the Text element. When calculating the total size of all the text containing it, the application will wrap a 32-bit integer. The application uses this wrapped value for an allocation and later uses a different value when populating the buffer. This can lead to code execution under the context of the application.
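The flaw class described above, as an added C example that is not WebKit's code and not part of the advisory: an unchecked 32-bit length sum beside a checked one whose result drives both the allocation and the copy. The `text_node` struct, the function names and the sample lengths are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one text node in a run of adjacent nodes. */
struct text_node { const char *data; uint32_t len; };

/* Unchecked 32-bit sum: wraps modulo 2^32, the flaw class described above. */
uint32_t total_len_wrapping(const struct text_node *n, size_t count) {
    uint32_t total = 0;
    for (size_t i = 0; i < count; i++) total += n[i].len;
    return total;
}

/* Checked sum: 0 on success, -1 if the total does not fit in 32 bits. */
int total_len_checked(const struct text_node *n, size_t count, uint32_t *out) {
    uint32_t total = 0;
    for (size_t i = 0; i < count; i++) {
        if (n[i].len > UINT32_MAX - total) return -1;
        total += n[i].len;
    }
    *out = total;
    return 0;
}

/* Allocate and fill from the same checked total, so the two cannot differ. */
char *concat_checked(const struct text_node *n, size_t count, uint32_t *out_len) {
    uint32_t total, off = 0;
    if (total_len_checked(n, count, &total) != 0) return NULL;
    if ((size_t)total >= SIZE_MAX) return NULL; /* room for the NUL */
    char *buf = malloc((size_t)total + 1);
    if (!buf) return NULL;
    for (size_t i = 0; i < count; i++) {
        memcpy(buf + off, n[i].data, n[i].len);
        off += n[i].len;
    }
    buf[total] = '\0';
    *out_len = total;
    return buf;
}

int main(void) {
    /* Constructed lengths only; no data is read because the sum is rejected. */
    struct text_node big[] = { {NULL, 0x80000000u}, {NULL, 0x80000000u}, {NULL, 0x10u} };
    uint32_t n = 0;
    printf("wrapped=%u rejected=%d\n", (unsigned)total_len_wrapping(big, 3), concat_checked(big, 3, &n) == NULL);
    return 0;
}
```

With the constructed lengths, the unchecked sum comes out as 16 bytes while the real total exceeds 4 GiB; the checked path refuses the request before any allocation or copy takes place.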

Patch Availability:
Apple has issued an update to correct this vulnerability.
More details can be found at: http://support.apple.com/kb/HT4456

CVE Information:

Disclosure Timeline:
2010-08-12 – Vulnerability reported to vendor
2010-11-23 – Coordinated public release of advisory
