Update Protection against Apple Safari WebKit Selections Use After Free
| Check Point Reference: | CPAI-2010-447 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA42264 | |
| Industry Reference(s): | CVE-2010-1812 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Apple Computer Safari 4.x prior to 4.1.3 Apple Computer Safari 5.x prior to 5.0.3 | ||
| Vulnerability Description Safari is a web browsing application developed by Apple. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. Safari is the default web browser included with Mac OS X. A simplified version, MobileSafari, runs on Apple iPhone devices. The browser can also run on other operating systems such as Microsoft's Windows XP and Vista. Safari browsing functionality is built around the set of components called WebKit. |
||
|
Vulnerability Details A code execution vulnerability has been reported in Apple Safari. The vulnerability is due to a use-after-free error when processing selections. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted web page. In attack scenarios where code execution is successful the behavior of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.