Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Macintosh :: bu-2003.htm

Apple Safari ColorSync Profile Integer Overflow Vulnerability



VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability
VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability



VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow 
Vulnerability

http://www.vupen.com/english/research.php 


I. BACKGROUND
---------------------

"Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application."


II. DESCRIPTION
--------------------- 

VUPEN Vulnerability Research Team discovered a vulnerability in
Apple Safari.

The flaw is caused by an integer overflow error in ColorSync when
processing certain images with an embedded color profile, which
could be exploited by attackers to potentially execute arbitrary
code via a specially crafted web page.



III. AFFECTED PRODUCTS
--------------------------------

Apple Safari versions prior to 4.0.5



IV. Exploits - PoCs & Binary Analysis
----------------------------------------

In-depth binary analysis of the vulnerability and a proof-of-concept
have been released by VUPEN through the VUPEN Binary Analysis
& Exploits Service :

http://www.vupen.com/exploits 


V. SOLUTION
---------------- 

Upgrade to Apple Safari 4.0.5:
http://www.apple.com/safari/download/ 


VI. CREDIT
-------------- 

The vulnerability was discovered by Sebastien Renaud of VUPEN Security


VII. ABOUT VUPEN Security
---------------------------------

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be
exploited, ensure security policy compliance and meaningfully measure
and manage risks.

VUPEN also provides in-depth binary analysis of vulnerabilities and
commercial-grade exploit codes to help security vendors, governments,
and corporations to evaluate and qualify risks, and protect their
infrastructures and assets.

* VUPEN Vulnerability Notification Service:

http://www.vupen.com/english/services 

* VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/exploits 


VIII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2010/0599 
http://support.apple.com/kb/HT4070 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0040 



IX. DISCLOSURE TIMELINE
----------------------------------- 

2009-12-03 - Vendor notified
2009-12-07 - Vendor response
2010-01-26 - Status update received
2010-03-04 - Status update received
2010-03-12 - Coordinated public Disclosure





TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH