ID: IRCNE2012031432
Date: 2012-03-11
According to “CNet”, the Danish IT security firm Secunia has released an advisory regarding two unpatched vulnerabilities in Apple's Safari 5 Web browser. These vulnerabilities are so far are not known to be actively exploited; however, if done, they could allow an attacker to run malicious software and conduct spoofing attacks on those using the browser.
The first vulnerability is in Safari's plug-in handling system, where in some instances when interacting with the plug-in, if you navigate to a new page, the plug-in may be unloaded in a way that allows it to write to freed memory and thereby allow code to be injected into components of memory no longer being controlled by the plug-in process. Secunia has been able to exploit this bug in Safari version 5.1.2 (the Windows version) using the RealPlayer and Adobe Flash plug-ins, though the company warns that other versions may also be affected.
The second vulnerability is a problem with a built-in function called "setInterval," where when exploited, a malicious attack can display arbitrary contents on the screen when a trusted URL is being visited, potentially allowing for spoofing and misleading people visiting those pages. This bug was found in version 5.0.5 of the Web browser, but has been partially fixed in version 5.1.2, though it apparently is still exploitable to some extent.
While Secunia has just released information on these exploits, they have been known for quite a while, with the plug-in vulnerability being around for over 6 months, and the setInterval function bug being known for over 8 months. Secunia apparently contacted Apple regarding its findings, but following little or no response from Apple has followed the guidelines of its disclosure policy and made the information on these exploits public.
- 2