iDefense Security Advisory 07.20.11 – Remote exploitation of a memory corruption vulnerability in Apple Inc.’s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple’s Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag.
>> CATEGORY: Apple
iDefense Security Advisory 07.20.11 – Remote exploitation of a heap based buffer overflow vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
iDefense Security Advisory 07.20.11 – Remote exploitation of a use-after-free vulnerability in WebKit, as included with Apple Inc.’s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user.
Apple Security Advisory 2011-07-20-1 – A large amount of security issues have been addressed in Safari versions 5.1 and 5.0.6. These range from cross site scripting, possible arbitrary code execution, accidental trust in a disable root certificate, buffer and integer overflows, and more.
Secunia Security Advisory – A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user’s system.
Apple Security Advisory 2011-07-15-2 – A buffer overflow exists in FreeType’s handling of TrueType font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
Apple Security Advisory 2011-07-15-1 – A buffer overflow exists in FreeType’s handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Secunia Security Advisory – A vulnerability has been reported in Apple iOS, which can be exploited by malicious people to compromise a vulnerable system.
Apple Security Advisory 2011-06-28-2 – Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.